Chris Kim
69f96d6225
Define a Controllers and LeaderControllers on the server config ( #3043 )
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2021-03-11 10:39:00 -08:00
Brad Davidson
8ace8975d2
Don't start up multiple apiserver load balancers
...
get() is called in a loop until client configuration is successfully
retrieved. Each iteration will try to configure the apiserver proxy,
which will in turn create a new load balancer. Skip creating a new
load balancer if we already have one.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-03-08 17:05:25 -08:00
Brad Davidson
c0d129003b
Handle loadbalancer port in TIME_WAIT
...
If the port wanted by the client load balancer is in TIME_WAIT, startup
will fail. Set SO_REUSEPORT so that it can be listened on again
immediately.
The configurable Listen call wants a context, so plumb that through as
well.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-03-08 17:05:25 -08:00
Brad Davidson
7cdfaad6ce
Always use static ports for client load-balancers ( #3026 )
...
* Always use static ports for the load-balancers
This fixes an issue where RKE2 kube-proxy daemonset pods were failing to
communicate with the apiserver when RKE2 was restarted because the
load-balancer used a different port every time it started up.
This also changes the apiserver load-balancer port to be 1 below the
supervisor port instead of 1 above it. This makes the apiserver port
consistent at 6443 across servers and agents on RKE2.
Additional fixes below were required to successfully test and use this change
on etcd-only nodes.
* Actually add lb-server-port flag to CLI
* Fix nil pointer when starting server with --disable-etcd but no --server
* Don't try to use full URI as initial load-balancer endpoint
* Fix etcd load-balancer pool updates
* Update dynamiclistener to fix cert updates on etcd-only nodes
* Handle recursive initial server URL in load balancer
* Don't run the deploy controller on etcd-only nodes
2021-03-06 02:29:57 -08:00
Hussein Galal
c26b737b24
Mark disable components flags as experimental ( #3018 )
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-03-05 00:05:20 +02:00
Brian Downs
4d1f9eda9d
Etcd Snapshot/Restore to/from S3 Compatible Backends ( #2902 )
...
* Add functionality for etcd snapshot/restore to and from S3 compatible backends.
* Update etcd restore functionality to extract and write certificates and configs from snapshot.
2021-03-03 11:14:12 -07:00
Hussein Galal
1bf04b6a50
Merge pull request #3003 from galal-hussein/fix_etcd_only_nodes
...
Fix etcd only nodes
2021-03-02 02:16:02 +02:00
Brad Davidson
4fb073e799
Log clearer error on startup if NPC cannot be started
...
Servers should always be upgraded before agents, but generally this
isn't required because things are compatible between versions. In this
case we're OK with failing closed if the user upgrades out of order, but
we should give a clearer message about what steps are required to fix
the issue.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-03-01 14:23:59 -08:00
galal-hussein
ef999f0b4f
change error to warn when removing self from etcd members
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-03-02 00:19:57 +02:00
galal-hussein
d6124981d5
remove etcd member if disable etcd is passed
...
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-03-01 23:50:50 +02:00
Erik Wilson
4e5218b62c
Apply suggestions from code review
...
Logging cleanup
Co-authored-by: Brad Davidson <brad@oatmail.org>
2021-03-01 10:44:24 -07:00
Erik Wilson
4aac6b6bd0
Update to Traefik 2.4.2 and combine manifests
2021-03-01 10:44:24 -07:00
Erik Wilson
54a35505f0
Remove Traefik v1 migration
2021-03-01 10:44:24 -07:00
Chin-Ya Huang
cc96f8140a
Allow download traefik static file and rename
...
Allow writing static files regardless of the version.
Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
2021-03-01 10:44:24 -07:00
Chin-Ya Huang
10e0328977
Traefik v2 integration
...
K3s upgrade via watch over file change of static file and manifest
and triggers helm-controller for change. It seems reasonable to
only allow upgrade traefik v1->v2 when there is no existing custom
traefik HelmChartConfig in the cluster to avoid any
incompatibility.
Here also separate the CRDs and put them into a different chart
to support CRD upgrade.
Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
2021-03-01 10:44:23 -07:00
Brad Davidson
f970e49b7d
Wait for apiserver to become healthy before starting agent controllers
...
It is possible that the apiserver may serve read requests but not allow
writes yet, in which case flannel will crash on startup when trying to
configure the subnet manager.
Fix this by waiting for the apiserver to become fully ready before
starting flannel and the network policy controller.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-26 19:28:53 -08:00
Brad Davidson
9b39c1c117
Hide the airgap-extra-registry flag
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-26 16:08:49 -08:00
Brad Davidson
88dd601941
Limit zstd decoder memory
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-17 11:48:03 -08:00
Brad Davidson
ae5b93a264
Use HasSuffixI utility function
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-17 11:48:03 -08:00
Brad Davidson
ec661c67d7
Add support for retagging images on load from tarball
...
Adds support for retagging images to appear to have been sourced from
one or more additional registries as they are imported from the tarball.
This is intended to support RKE2 use cases with system-default-registry
where the images need to appear to have been pulled from a registry
other than docker.io.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-17 11:48:03 -08:00
Hussein Galal
5749f66aa3
Add disable flags for control components ( #2900 )
...
* Add disable flags to control components
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* golint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes to disable flags
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add comments to functions
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Fix joining problem
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* golint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix ticker
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix role labels
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2021-02-12 17:35:57 +02:00
Brian Downs
21d1690d5d
update usage text ( #2926 )
...
update to the --cluster-init usage flag to indicate it's for Etcd
2021-02-10 15:54:04 -07:00
Brad Davidson
6e768c301e
Use appropriate response codes for authn/authz failures
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-09 16:28:20 -08:00
Brad Davidson
374271e9a0
Collect IPs from all pods before deciding to use internal or external addresses ( #2909 )
...
* Collect IPs from all pods before deciding to use internal or external addresses
@Taloth correctly noted that the code that iterates over ServiceLB pods
to collect IP addresses was failing to add additional internal IPs once
the map contained ANY entry from a previous node. This may date back to
when ServiceLB used a Deployment instead of a DaemonSet, so there was
only ever a single pod.
The new behavior is to collect all internal and external IPs, and then
construct the address list of a single type - external if there are any,
otherwise internal.
https://github.com/k3s-io/k3s/issues/1652#issuecomment-774497788
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Co-authored-by: Brian Downs <brian.downs@gmail.com>
2021-02-09 16:26:57 -08:00
Brad Davidson
e06119729b
Improve handling of comounted cpu,cpuacct controllers ( #2911 )
...
* Improve handling of comounted cpu,cpuacct controllers
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-09 16:12:58 -08:00
Brad Davidson
ad5e504cf0
Allow joining clusters when the server CA is trusted by the OS CA bundle ( #2743 )
...
* Add tests to clientaccess/token
* Fix issues in clientaccess/token identified by tests
* Update tests to close coverage gaps
* Remove redundant check turned up by code coverage reports
* Add warnings if CA hash will not be validated
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-08 22:28:57 -08:00
Brad Davidson
6c472b5942
Use zstd instead of gzip for embedded tarball
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-08 21:08:35 -08:00
Brad Davidson
c5e2676d5c
Update local-path-provisioner and helper busybox ( #2885 )
...
* Update local-path-provisioner and helper busybox
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-04 10:49:25 -08:00
Brad Davidson
65c78cc397
Replace options.KubeRouterConfig with config.Node and remove metrics/waitgroup stuff
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-03 10:41:51 -08:00
Brad Davidson
07256cf7ab
Add ServiceIPRange and ServiceNodePortRange to agent config
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-03 10:41:51 -08:00
Brad Davidson
95a1a86847
Spell check upstream code
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-03 10:41:51 -08:00
Brad Davidson
29483d0651
Initial update of netpol and utils from upstream
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-02-03 10:41:51 -08:00
Akihiro Suda
f3c41b7650
fix cgroup2 support
...
Fix issue 900
cgroup2 support was introduced in PR 2584, but got broken in f3de60ff31
It was failing with "F1210 19:13:37.305388 4955 server.go:181] cannot set feature gate SupportPodPidsLimit to false, feature is locked to true"
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-01-25 22:45:07 -08:00
Akihiro Suda
728ebcc027
rootless: remove rootful /run/{netns,containerd} symlinks
...
Since a recent commit, rootless mode was failing with the following errors:
```
E0122 22:59:47.615567 21 kuberuntime_manager.go:755] createPodSandbox for pod "helm-install-traefik-wf8lc_kube-system(9de0a1b2-e2a2-4ea5-8fb6-22c9272a182f)" failed: rpc error: code = Unknown desc = failed to create network namespace for sandbox "285ab835609387f82d304bac1fefa5fb2a6c49a542a9921995d0c35d33c683d5": failed to setup netns: open /var/run/netns/cni-c628a228-651e-e03e-d27d-bb5e87281846: permission denied
...
E0122 23:31:34.027814 21 pod_workers.go:191] Error syncing pod 1a77d21f-ff3d-4475-9749-224229ddc31a ("coredns-854c77959c-w4d7g_kube-system(1a77d21f-ff3d-4475-9749-224229ddc31a)"), skipping: failed to "CreatePodSandbox" for "coredns-854c77959c-w4d7g_kube-system(1a77d21f-ff3d-4475-9749-224229ddc31a)" with CreatePodSandboxError: "CreatePodSandbox for pod \"coredns-854c77959c-w4d7g_kube-system(1a77d21f-ff3d-4475-9749-224229ddc31a)\" failed: rpc error: code = Unknown desc = failed to create containerd task: io.containerd.runc.v2: create new shim socket: listen unix /run/containerd/s/8f0e40e11a69738407f1ebaf31ced3f08c29bb62022058813314fb004f93c422: bind: permission denied\n: exit status 1: unknown"
```
Remove symlinks to /run/{netns,containerd} so that rootless mode can create their own /run/{netns,containerd}.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-01-22 19:51:43 -08:00
Brad Davidson
071de833ae
Fix typo in field tag
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-01-22 19:38:37 -08:00
Brad Davidson
8011697175
Only container-runtime-endpoint wants RuntimeSocket path as URI
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-01-22 18:56:30 -08:00
Yuriy
06fda7accf
Add functionality to bind custom IP address for Etcd metrics endpoint ( #2750 )
...
* Add functionality to bind custom IP address for Etcd metrics endpoint
Signed-off-by: yuriydzobak <yurii.dzobak@lotusflare.com>
2021-01-22 17:40:48 -08:00
Brad Davidson
f152f656a0
Replace k3s cloud provider wrangler controller with core node informer ( #2843 )
...
* Replace k3s cloud provider wrangler controller with core node informer
Upstream k8s has exposed an interface for cloud providers to access the
cloud controller manager's node cache and shared informer since
Kubernetes 1.9. This is used by all the other in-tree cloud providers;
we should use it too instead of running a dedicated wrangler controller.
Doing so also appears to fix an intermittent issue with the uninitialized
taint not getting cleared on nodes in CI.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2021-01-22 16:59:48 -08:00
Brian Downs
13229019f8
Add ability to perform an etcd on-demand snapshot via cli ( #2819 )
...
* add ability to perform an etcd on-demand snapshot via cli
2021-01-21 14:09:15 -07:00
Waqar Ahmed
3ea696815b
Do not validate snapshotter argument if docker is enabled
...
Problem:
While using ZFS on debian and K3s with docker, I am unable to get k3s working as the snapshotter value is being validated and the validation fails.
Solution:
We should not validate snapshotter value if we are using docker as it's a no-op in that case.
Signed-off-by: Waqar Ahmed <waqarahmedjoyia@live.com>
2021-01-20 12:25:28 -08:00
Erik Wilson
c71060f288
Merge pull request #2744 from erikwilson/rke2-node-password-bootstrap
...
Bootstrap node password with local file
2021-01-11 09:51:30 -07:00
MonzElmasry
86f68d5d62
change etcd dir permission if it exists
...
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2021-01-08 23:47:36 +02:00
Erik Wilson
4245fd7b67
Return http.StatusOK instead of 0
...
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-23 16:55:47 -07:00
Erik Wilson
2fb411fc83
Fix spelling mistake
...
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-23 15:08:07 -07:00
Erik Wilson
09eb44ba53
Bootstrap node password with local file
...
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-23 15:08:06 -07:00
JenTing Hsiao
57041f0239
Add codespell CI test and fix codespell error ( #2740 )
...
* Add codespell CI test
* Fix codespell error
2020-12-22 12:35:58 -08:00
Brad Davidson
8936cf577f
Bump coredns to 1.8.0
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-17 15:20:19 -08:00
Chris Kim
332fd73d46
Add support for both config-file and data-dir at a global level in the self-extracting wrapper for K3s ( #2594 )
...
* Add support for both config-file and data-dir at a global level in the self-extracting wrapper for K3s
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-12-16 09:27:57 -08:00
Erik Wilson
1230d7b7df
Fix HA server initialization
...
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2020-12-15 16:08:28 -08:00
Brad Davidson
8e4d3e645b
Restore legacy master role for etcd nodes
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-15 15:15:46 -08:00
Chris Kim
61ef2ce95e
use version.Program
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-12-09 12:34:13 -08:00
Chris Kim
48925fcb88
Simplify checkCgroups function call
...
Co-authored-by: Brian Downs <brian.downs@gmail.com>
2020-12-09 11:59:54 -08:00
Chris Kim
a3f87a81bd
Independently set kubelet-cgroups and runtime-cgroups, and detect if we are running under a systemd scope
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-12-09 11:39:33 -08:00
Brad Davidson
c5aad1b5ed
Disable the ServiceAccountIssuerDiscovery feature-gate.
...
We're not setting ``--service-account-issuer` to a https URL, which causes an
error message at startup when the feature gate is enabled. From the
docs on that flag:
> If this option is not a valid URI per the OpenID Discovery 1.0 spec, the
> ServiceAccountIssuerDiscovery feature will remain disabled, even if the
> feature gate is set to true. It is highly recommended that this value
> comply with the OpenID spec:
> https://openid.net/specs/openid-connect-discovery-1_0.html . In practice,
> this means that service-account-issuer must be an https URL. It is also
> highly recommended that this URL be capable of serving OpenID discovery
> documents at {service-account-issuer}/.well-known/openid-configuration.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 22:51:34 -08:00
Brad Davidson
63f2211b31
deprecate the "node-role.kubernetes.io/master" label / taint
...
Related to https://github.com/kubernetes/kubernetes/pull/95382
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 22:51:34 -08:00
Brad Davidson
c6950d2cb0
Update Kubernetes to v1.20.0-k3s1
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 22:51:34 -08:00
Brad Davidson
cd27c6fcbe
Bump coredns to 1.7.1
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-12-08 15:58:17 -08:00
Erik Wilson
0ae7f2d5ae
Merge pull request #2407 from erikwilson/node-passwd-cleanup
...
Use secrets for node-passwd entries
2020-12-08 16:25:13 -07:00
Chris Kim
3d1e40eaa3
Handle the case when systemd lives under `/init.scope`
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-12-08 10:26:54 -08:00
Chris Kim
e71e11fed0
Merge pull request #2642 from Oats87/issues/k3s/2548-cgroup
...
Set a cgroup if containerized
2020-12-08 10:05:21 -08:00
Chris Kim
f3de60ff31
When there is a defined cgroup for PID 1, assume we are containerized and set a root
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-12-07 13:15:15 -08:00
Hussein Galal
fadc5a8057
Add tombstone file to etcd and catch errc etcd channel ( #2592 )
...
* Add tombstone file to embedded etcd
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod update
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more fixes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* more changes
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* gofmt and goimports
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod update
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go lint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go lint
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go mod tidy
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-12-07 22:30:44 +02:00
Chin-Ya Huang
3f0f2b342e
Show go version when executes with --version.
...
Signed-off-by: Chin-Ya Huang <chin-ya.huang@suse.com>
2020-12-04 12:51:15 -08:00
transhapHigsn
87a43c69e1
Problem: CoreDNS getting preempted by other pods
...
Solution: Set priorityClassName to system-node-critical of traefik, metrics-server, local storage and coredns deployment
Signed-off-by: transhapHigsn <fet.prashantsingh@gmail.com>
2020-12-04 12:50:12 -08:00
Akihiro Suda
eb72d509ce
pkg/agent/config: validate containerd snapshotter value
...
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 11:00:00 -08:00
Akihiro Suda
05f6255437
add fuse-overlayfs snapshotter (mainly for rootless mode)
...
Ubuntu and Debian kernels support mounting real overlayfs inside userns,
but the vanilla kernel still does not allow it.
OTOH fuse-overlayfs can be mounted inside userns with the vanilla kernel (>= 4.18).
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 11:00:00 -08:00
Akihiro Suda
43f7eaedf8
rootless: fix "stat /run/user/1000: no such file or directory" on `kubectl run`
...
k3s was mounting a tmpfs on `/run` by itself, so it was hiding RootlessKit's `/run`.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 10:31:21 -08:00
Akihiro Suda
67410d2757
rootless: validate sysctl before starting up
...
Fix #2420
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-12-01 09:21:39 -08:00
Jacob Blain Christen
3647654fe4
[migration k3s-io] update helm-controller dependency ( #2569 )
...
rancher/helm-controller ➡️ k3s-io/helm-controller
Part of https://github.com/rancher/k3s/issues/2189
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-12-01 08:59:10 -07:00
Akihiro Suda
0b45e32486
Support cgroup v2
...
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-11-30 22:57:37 -08:00
Jacob Blain Christen
36230daa86
[migration k3s-io] update kine dependency ( #2568 )
...
rancher/kine ➡️ k3s-io/kine
Part of https://github.com/rancher/k3s/issues/2189
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-11-30 16:45:22 -07:00
Brad Davidson
b873d3a03b
Explicitly set agent paths within --data-dir
...
Removing the cfg.DataDir mutation in 3e4fd7b
did not break anything, but
did change some paths in unwanted ways. Rather than mutating the
user-supplied command-line flags, explicitly specify the agent
subdirectory as needed.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-11 09:26:41 -08:00
Brad Davidson
58b5b21f0d
Don't pass cloud-provider flag to controller-manager
...
As per documentation, the cloud-provider flag should not be passed to
controller-manager when using cloud-controller. However, the legacy
cloud-related controllers still need to be explicitly disabled to
prevent errors from being logged.
Fixing this also prevents controller-manager from creating the
cloud-controller-manager service account that needed extra RBAC.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-09 13:55:09 -08:00
Brad Davidson
3e4fd7b41f
Respect --data-dir path for crictl.yaml
...
Related to rancher/rke2#474
Note that anyone who customizes the data-dir path will have to set
CRI_CONFIG_FILE to the correct path when using the wrapped binaries
(crictl, etc). This is better than dropping files in the incorrect
location.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Brad Davidson
f50e3140f9
Disable configure-cloud-routes and external service/route programming support when using k3s stub cloud controller
...
Resolves warning 3 from #2471
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Brad Davidson
31575e407a
Add Cluster ID support to k3s stub cloud controller
...
Resolves warning 2 from #2471 .
As per https://github.com/kubernetes/cloud-provider/issues/12 the
ClusterID requirement was never really followed through on, so the
flag is probably going to be removed in the future.
One side-effect of this is that the core k8s cloud-controller-manager
also wants to watch nodes, and needs RBAC to do so.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Brad Davidson
5b318d093f
Fix containerd sock path warning
...
Resolves warning 1 from #2471
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Brad Davidson
d1424626ac
Disable containerd experimental snapshot labels
...
Related to #2455 and containerd/containerd#4684
These were not meant to be enabled by default, break images with many
layers, and will be disabled by default on the next containerd release.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-05 15:51:10 -08:00
Erik Wilson
992ca52c31
Enable go test in ci
2020-11-05 09:48:53 -07:00
Erik Wilson
92d04355f4
Use secrets for node-passwd entries and cleanup
2020-11-05 09:48:53 -07:00
Brad Davidson
3b8ec74049
Update disables list when building with no_stage
...
The --disable/--no-deploy flags actually turn off some built-in
controllers, in addition to preventing manifests from getting loaded.
Make it clear which controllers can still be disabled even when the
packaged components are ommited by the no_stage build tag.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-11-04 13:39:45 -08:00
Menna Elmasry
523ccaf3f2
Merge pull request #2448 from MonzElmasry/new_b
...
Make etcd use node private ip
2020-10-29 00:23:56 +02:00
MonzElmasry
e8436cc76b
Make etcd use node private ip
...
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2020-10-28 23:45:24 +02:00
Chris Kim
7b8a147a1b
Merge pull request #2408 from Oats87/rpm-install-selinux
...
Add auto-install capability to install.sh for k3s-selinux
2020-10-28 14:24:09 -04:00
Hussein Galal
fcd18d1b6e
skip node delete from removed member ( #2413 )
...
* skip node delete from removed member
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* use grpc errors
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go imports
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* exit if node is the etcd that being removed
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-10-28 18:32:51 +02:00
Chris Kim
96fc4c4b21
Add iptable_nat to modprobe list
...
Signed-off-by: Chris Kim <oats87g@gmail.com>
2020-10-27 14:22:14 -04:00
Brad Davidson
de18528412
Make etcd voting members responsible for managing learners ( #2399 )
...
* Set etcd timeouts using values from k8s instead of etcdctl
Fix for one of the warnings from #2303
* Use etcd zap logger instead of deprecated capsnlog
Fix for one of the warnings from #2303
* Remove member self-promotion code paths
* Add learner promotion tracking code
* Fix RaftAppliedIndex progress check
* Remove ErrGRPCKeyNotFound check
This is not used by v3 API - it just returns a response with 0 KVs.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-10-27 11:06:26 -07:00
Erik Wilson
6b11d86037
Merge pull request #2377 from erikwilson/no-proxy-fix
...
Use no_proxy env, add .svc and cluster domains
2020-10-12 13:46:22 -07:00
Erik Wilson
56e077eb29
Use no_proxy env, add .svc and cluster domains
2020-10-12 11:02:07 -07:00
Erik Wilson
114b5ccad1
Merge pull request #2363 from erikwilson/netpol-informers
...
Add event handlers to network policy controller
2020-10-12 08:53:39 -07:00
Erik Wilson
e26e333b7e
Add network policy controller CacheSyncOrTimeout
2020-10-07 12:35:44 -07:00
Erik Wilson
045cd49ab5
Add event handlers to network policy controller
2020-10-07 12:10:27 -07:00
Erik Wilson
ce0da0a0f4
Add file verification for data directory
2020-10-06 10:29:27 -07:00
Erik Wilson
66d29148f7
Add Release function for flock
2020-10-06 10:29:27 -07:00
Erik Wilson
360d82d20e
Add flock from k8s.io/kubernetes/pkg/util/flock
2020-10-06 10:29:26 -07:00
Brad Davidson
c3c983198f
Add temporary fix for issue with interrupted etcd promote
...
This is a minimal fix for https://github.com/rancher/rke2/issues/392
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-30 11:45:58 -07:00
Hussein Galal
373449ec0a
Allow for multiple etcd snapshot restoration ( #2307 )
...
* add reset tmp file
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* go imports
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix multiple lines string
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix typo
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* use resetFile function
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-09-30 02:53:31 +02:00
Brad Davidson
8262e23169
Revert removal of EndpointName hooks ( #2319 )
...
* Revert "Remove dead EndpointName code"
This reverts commit 8025da5a8d
.
* Fix docstrings based on proper understanding of use
2020-09-28 18:13:55 -07:00
Brad Davidson
360b0f1ee5
Add timeout to clientaccess http client
...
The default http client does not have an overall request timeout, so
connections to misbehaving or unavailable servers can stall for an
excessive amount of time. At the moment, just attempting to join
an unavailable cluster takes 2 minutes and 40 seconds to timeout.
Resolve that by setting a reasonable request timeout.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:26:27 -07:00
Brad Davidson
cdfc6cfa1a
Split clientaccess token/kubeconfig code
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:26:27 -07:00
Brad Davidson
45dd4afe50
Simplify token parsing
...
Improves readability, reduces round-trips to the join server to validate certs.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:26:24 -07:00
Brad Davidson
9074da7405
Fix misc nits and missing/unused imports
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson
703ba5cde7
Add a bunch of doc comments
...
Also change identical error messages to clarify where problems are
occurring.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson
ae916c2dec
Use const for kube-system namespace
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson
f59e8fc21b
Fix etcd directory permissions
...
Silences warning on startup about insecure directory permissions
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson
ee99660a96
Rename etcd directory helpers to reduce confusion about which datadir we're talking about
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson
8025da5a8d
Remove dead EndpointName code
...
According to @galal-hussein this is dead code that was probably brought
over from Kine. I certainly couldn't figure out what it is supposed to
be doing.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:10:00 -07:00
Brad Davidson
97eb28a01a
Remove unnecessary listener arg from managed DB setup
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 03:09:45 -07:00
Brad Davidson
a3bbd58f37
Fix managed etcd cold startup deadlock issue #2249
...
We should ignore --token and --server if the managed database is initialized,
just like we ignore --cluster-init. If the user wants to join a new
cluster, or rejoin a cluster after --cluster-reset, they need to delete
the database. This a cleaner way to prevent deadlocking on quorum loss,
and removes the requirement that the target of the --server argument
must be online before already joined nodes can start.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-27 02:44:49 -07:00
Brad Davidson
42bba04651
Skip etcd snapshots if the local endpoint is still a learner ( #2295 )
...
* Don't take snapshots if the local endpoint is still a learner
* Configure timeouts for etcd client dialer
2020-09-21 20:23:18 -07:00
Brian Downs
ba70c41cce
Initial Logging Output Update ( #2246 )
...
This attempts to update logging statements to make them consistent
through out the code base. It also adds additional context to messages
where possible, simplifies messages, and updates level where necessary.
2020-09-21 09:56:03 -07:00
Hussein Galal
46fe57d7e9
reset etcd name on cluster reset ( #2284 )
...
* reset etcd name on cluster reset
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* gofmt
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-09-19 03:09:36 +02:00
Brad Davidson
8c6d3567fe
Rename k3s-controller based on the build-time program name
...
Since we're replacing the k3s rolebindings.yaml in rke2, we should allow
renaming this so that we can use the white-labeled name downstream.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-16 10:53:07 -07:00
Brad Davidson
ae5519c047
Use rancher-mirrored busybox for local-path-provisioner ( #2257 )
...
Related to #1908
Will be fixed upstream by
https://github.com/rancher/local-path-provisioner/pull/135/ but we're
not going to update the LPP image right now since it's undergoing some
changes that we don't want to pick up at the moment.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-15 18:02:51 -07:00
Erik Wilson
a08e998bc5
Import containerd images with all platforms
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-14 20:44:58 -07:00
Brad Davidson
fcaeebaa18
Add support for disabling all staged content
...
This reduces the binary footprint for downstream users that won't use
these files anyway.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-09-14 14:21:37 -07:00
Menna Elmasry
edb3e5b7a7
Add error logger to http server ( #2242 )
...
* add error logger to http server
Signed-off-by: MonzElmasry <menna.elmasry@rancher.com>
2020-09-14 23:14:30 +02:00
Brian Downs
15d7b61939
Merge remote-tracking branch 'upstream/master' into issue-112
2020-09-04 14:41:42 -07:00
Brian Downs
4c3ec907ab
remove k8s daemon config from setup hook in favor of specific fields from the config ( #2206 )
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-09-04 09:30:36 -07:00
Brian Downs
bb8e5374ea
conform to repo conventions
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-09-03 18:48:30 -07:00
Brian Downs
898cbeb9b6
Merge remote-tracking branch 'upstream/master' into issue-112
2020-09-03 17:26:48 -07:00
Darren Shepherd
289ba8df6a
All arguments should be of the form --k=v so that bool flags will work
...
Previously a bool flag would be rendered as --flag false for `flag: false`
which is invalid and results in the opposite of what you'd expect.
Signed-off-by: Darren Shepherd <darren@rancher.com>
2020-09-03 16:25:35 -07:00
Darren Shepherd
64ae6affc5
Missing registering debug/config flags on server subcommand
...
Signed-off-by: Darren Shepherd <darren@rancher.com>
2020-09-03 13:19:25 -07:00
Brian Downs
00831f9bc8
use version.Program
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-09-03 08:51:17 -07:00
Brian Downs
301fb73952
add node ip to the request header for cert gen
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-09-02 19:15:09 -07:00
Craig Jellick
53b3d0fc56
Merge pull request #2180 from ibuildthecloud/configfile
...
Go back to urfave v1
2020-09-02 11:05:19 -07:00
Brad Davidson
a3e9d31e6c
Merge pull request #2097 from iwilltry42/registry-insecure-skip-verify
...
Feature: add insecure_skip_verify field to registry config template
2020-09-01 15:58:26 -07:00
Darren Shepherd
551a1842ad
Update pkg/cli/cmds/config.go
...
Co-authored-by: Jacob Blain Christen <dweomer5@gmail.com>
2020-09-01 10:43:28 -07:00
Darren Shepherd
7657ed2e13
Update pkg/cli/server/server.go
...
Co-authored-by: Jacob Blain Christen <dweomer5@gmail.com>
2020-09-01 10:43:19 -07:00
Darren Shepherd
21d21ddd4d
Add config file support independent of CLI framework
...
Signed-off-by: Darren Shepherd <darren@rancher.com>
2020-08-29 21:44:13 -07:00
Darren Shepherd
ae5c585050
Revert "Add config file support"
...
This reverts commit e1dc3451bc
.
Signed-off-by: Darren Shepherd <darren@rancher.com>
2020-08-29 21:44:07 -07:00
Erik Wilson
447097a597
Merge pull request #2098 from erikwilson/k8s-1.19
...
Update to k8s 1.19
2020-08-28 18:22:15 -07:00
Erik Wilson
c5dc09159f
Move basic authentication to k3s
2020-08-28 17:18:34 -07:00
Erik Wilson
57fc0c9c87
Fix up authenticator
2020-08-28 17:18:34 -07:00
Erik Wilson
acc42874d8
Add k8s.io/apiserver/plugins/pkg/authenticator from release-1.18
2020-08-28 17:18:34 -07:00
Erik Wilson
837a943234
Update for k8s 1.19
2020-08-28 17:18:34 -07:00
Erik Wilson
daa4beb22c
Update go.mod for k8s 1.19
2020-08-28 17:18:31 -07:00
Erik Wilson
720197b9b1
Fix linting issues
2020-08-28 17:18:29 -07:00
Brian Downs
866dc94cea
Galal hussein etcd backup restore ( #2154 )
...
* Add etcd snapshot and restore
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix error logs
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* goimports
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* fix flag describtion
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Add disable snapshot and retention
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* use creation time for snapshot retention
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* unexport method, update var name
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* adjust snapshot flags
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update var name, string concat
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* revert previous change, create constants
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* updates
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* type assertion error checking
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* pr remediation
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* pr remediation
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* pr remediation
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* pr remediation
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* pr remediation
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* updates
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* updates
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* simplify logic, remove unneeded function
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update flags
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update flags
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* add comment
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* exit on restore completion, update flag names, move retention check
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* exit on restore completion, update flag names, move retention check
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* exit on restore completion, update flag names, move retention check
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update disable snapshots flag and field names
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* move function
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update field names
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update var and field names
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update var and field names
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update defaultSnapshotIntervalMinutes to 12 like rke
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update directory perms
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update etc-snapshot-dir usage
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update interval to 12 hours
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* fix usage typo
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* add cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* add cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* add cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* wire in cron
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update deps target to work, add build/data target for creation, and generate
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* remove dead make targets
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* error handling, cluster reset functionality
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* error handling, cluster reset functionality
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* update
Signed-off-by: Brian Downs <brian.downs@gmail.com>
* remove intermediate dapper file
Signed-off-by: Brian Downs <brian.downs@gmail.com>
Co-authored-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-08-28 16:57:40 -07:00
Frederick F. Kautz IV
cdce2b7e9a
Add support for compressed images when pre-loading images ( #2165 )
...
* Add support for compressed images when pre-loading images
Signed-off-by: Frederick F. Kautz IV <fkautz@alumni.cmu.edu>
* attempting to fix vendor source being dirty
Signed-off-by: Frederick F. Kautz IV <fkautz@alumni.cmu.edu>
* fixing file extension for .tar.lz4
Signed-off-by: Frederick F. Kautz IV <fkautz@alumni.cmu.edu>
2020-08-28 12:27:01 -07:00
Brad Davidson
c4ac620b8b
Merge pull request #2159 from brandond/config_file_rename
...
Rename flags.conf to config.yaml
2020-08-25 21:43:48 -07:00
Brad Davidson
b4d81a9e33
Remove lingering references to dqlite
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-24 17:09:19 -07:00
Brad Davidson
43fcc5ddcb
Rename flags.conf => config.yaml
...
Related to https://github.com/rancher/rke2/issues/150
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-24 14:56:30 -07:00
Brad Davidson
c980fa68a0
Update helm-controller for HelmChartConfig CRD ( #2114 )
...
* Update helm-controller for HelmChartConfig CRD
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-20 14:23:50 -07:00
Brian Downs
324bb55986
add ctx to hook, handle hook errors
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-08-19 16:54:58 -07:00
Brian Downs
fa2c1422b3
change name of variable
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-08-19 14:30:53 -07:00
Brian Downs
a4b2953017
add setup hook capabilities for rke2
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-08-19 13:42:45 -07:00
Brad Davidson
79c499f0e0
Fix handling of TLS configuration args
...
Also fixes an unrelated error formatting issue turned up while testing.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-18 16:44:10 -07:00
Brad Davidson
b1d017f892
Update dynamiclistener
...
Second round of fixes for #1621
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-18 10:38:47 -07:00
Jacob Blain Christen
e2089bea18
cli: add --selinux flag to agent/server sub-cmds ( #2111 )
...
* cli: add --selinux flag to agent/server sub-cmds
Introduces --selinux flag to affirmatively enable SELinux in containerd.
Deprecates --disable-selinux flag which now defaults to true which
auto-detection of SELinux configuration for containerd is no longer
supported. Specifying both --selinux and --disable-selinux will result
in an error message encouraging you to pick a side.
* Update pkg/agent/containerd/containerd.go
update log warning message about enabled selinux host but disabled runtime
Co-authored-by: Brad Davidson <brad@oatmail.org>
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-08-11 16:17:32 -07:00
Jacob Blain Christen
97ff5affab
Merge pull request #2065 from dweomer/containerd/v1.3.6-selinux
...
updated containerd/cri selinux support
2020-08-07 11:09:28 -07:00
Thorsten Klein
cf8c101b70
registry template: add insecure_skip_verify field
...
Signed-off-by: Thorsten Klein <iwilltry42@gmail.com>
2020-08-06 08:02:08 +02:00
Brad Davidson
3f2551ec05
Merge pull request #1848 from euank/insecure-on-lo
...
Listen insecurely on localhost only
2020-08-05 10:55:09 -07:00
Euan Kemp
4808c4e7d5
Listen insecurely on localhost only
...
Before this change, k3s configured the scheduler and controller's
insecure ports to listen on 0.0.0.0. Those ports include pprof, which
provides a DoS vector at the very least.
These ports are only enabled for componentstatus checks in the first
place, and componentstatus is hardcoded to only do the check on
localhost anyway (see
https://github.com/kubernetes/kubernetes/blob/v1.18.2/pkg/registry/core/rest/storage_core.go#L341-L344 ),
so there shouldn't be any downside to switching them to listen only on
localhost.
2020-08-05 10:28:11 -07:00
Akihiro Suda
a70cdac356
update rootlesskit to v0.10.0
...
Fix intermittent "Connection reset by peer" error during port forwarding
https://github.com/rootless-containers/rootlesskit/issues/153
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-08-05 18:22:05 +09:00
Brad Davidson
3e8141dc65
Update dynamiclistener
...
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-08-04 13:05:37 -07:00
Hussein Galal
169ee63907
Add etcd members as learners ( #2066 )
...
* Add etcd members as learners
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
* Ignore errors in promote member
Signed-off-by: galal-hussein <hussein.galal.ahmed.11@gmail.com>
2020-07-29 22:52:49 +02:00
Brad Davidson
1eec7348a5
Call setproctitle to conceal node args in ps output
...
This is related to #2014 .
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-28 15:49:49 -07:00
Jacob Blain Christen
371bee82f9
containerd: bump to v1.3.6
...
Remove $NOTIFY_SOCKET, if present, from env when invoking containerd to
prevent gratuitous notifications sent to systemd.
Signed-off-by: Jacob Blain Christen <jacob@rancher.com>
2020-07-27 14:41:52 -07:00
Brad Davidson
dfd0f9d1a6
Correctly report and propagate kubeconfig write failures
...
As seen in issues such as #15 #155 #518 #570 there are situations where
k3s will fail to write the kubeconfig file, but reports that it wrote it
anyway as the success message is printed unconditionally. Also, secondary
actions like setting file mode and creating a symlink are also attempted
even if the file was not created.
This change skips attempting additional actions, and propagates the
failure back upwards.
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-24 12:07:32 -07:00
Brad Davidson
9da8dc4f61
Update coredns version to 1.6.9 for master
...
Needed for #1844
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
2020-07-21 11:06:44 -07:00
Brian Downs
5a81fdbdc5
update cis flag implementation to propogate the rest of the way through to kubelet
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-20 16:31:56 -07:00
Jason
e3f8789114
Add containerd snapshotter flag ( #1991 )
...
* Add containerd snapshotter flag
Signed-off-by: Jason-ZW <zhenyang@rancher.com>
* Fix CamelCase nit and option description
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
Signed-off-by: Jason-ZW <zhenyang@rancher.com>
Co-authored-by: Brad Davidson <brad@oatmail.org>
2020-07-18 01:16:23 +02:00
Brian Downs
abb2d9aad1
add flag usage
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-14 15:55:18 -07:00
Brian Downs
57a6319fac
add protect-kernel-defaults to kubelet
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-14 15:46:10 -07:00
Erik Wilson
66a8c2ad7f
Merge pull request #1899 from erikwilson/config-file
...
Add config file support
2020-07-14 08:41:45 -07:00
Brian Downs
ebac755da1
add profiling flag with default value of false
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-10 13:08:04 -07:00
Erik Wilson
e1dc3451bc
Add config file support
2020-07-10 10:34:00 -07:00
Brian Downs
99a8bca522
remove hard coded value
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-07-09 11:20:06 -07:00
Brandon Davidson
538842ffdc
Merge pull request #1768 from brandond/fix_1764
...
Configure default signer implementation to use ClientCA instead of ServerCA
2020-07-07 16:52:14 -07:00
Erik Wilson
0d6a2bfb0b
Merge pull request #1974 from mschneider82/patch-1
...
fixed panic in network_policy_controller
2020-07-01 09:48:00 -07:00
Erik Wilson
42f0b95ac5
Merge pull request #1800 from niusmallnan/dev
...
Add retry backoff for starting network-policy controller
2020-07-01 09:47:21 -07:00
niusmallnan
d713683614
Add retry backoff for starting network-policy controller
...
Signed-off-by: niusmallnan <niusmallnan@gmail.com>
2020-06-30 09:25:09 +08:00
Matthias Schneider
56a083c812
fixed panic in network_policy_controller
...
I have rebooted a newly created k3s etcd cluster and this panic was triggered:
```
k3s[948]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x45f2945]
k3s[948]: goroutine 1 [running]:
k3s[948]: github.com/rancher/k3s/pkg/agent/netpol.NewNetworkPolicyController(0xc00159e180, 0x61b4a60, 0xc006294000, 0xdf8475800, 0xc011d9a360, 0xc, 0x0, 0xc00bf545b8, 0x2b2edbc)
k3s[948]: /home/x/git/k3s/pkg/agent/netpol/network_policy_controller.go:1698 +0x275
```
Signed-off-by: Matthias Schneider <ms@wck.biz>
2020-06-29 20:49:24 +02:00
Jacob Blain Christen
3197d206ce
Merge pull request #1892 from dweomer/servicelb/node-role
...
servicelb: fix ineffective toleration
2020-06-26 13:55:57 -07:00
Brian Downs
58aae57e12
set environment variable and create config for crictl
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-06-24 14:26:44 -07:00
Brian Downs
63dbf806df
create symlink from docker sock to where crictl in k3s is looking for the sock to use
...
Signed-off-by: Brian Downs <brian.downs@gmail.com>
2020-06-23 18:42:45 -07:00
Hussein Galal
f5ee757b86
Add cluster dns configmap ( #1785 )
2020-06-22 23:06:01 +02:00
Brian Downs
7f4f237575
added profile = false args to api, controllerManager, and scheduler ( #1891 )
2020-06-12 21:09:41 +02:00
Jacob Blain Christen
1ed12cffa0
servicelb: fix ineffective toleration
...
noderole.kubernetes.io/master -> node-role.kubernetes.io/master
2020-06-11 14:39:12 -07:00
galal-hussein
c580a8b528
Add heartbeat interval and election timeout
2020-06-06 16:39:42 -07:00
Darren Shepherd
6b5b69378f
Add embedded etcd support
...
This is replaces dqlite with etcd. The each same UX of dqlite is
followed so there is no change to the CLI args for this.
2020-06-06 16:39:41 -07:00
Darren Shepherd
39571424dd
Generate etcd certificates
2020-06-06 16:39:41 -07:00
Darren Shepherd
a18d387390
Refactor clustered DB framework
2020-06-06 16:39:41 -07:00
Darren Shepherd
4317a91b96
Delete dqlite
2020-06-06 16:39:41 -07:00
Darren Shepherd
7e59c0801e
Make program name a variable to be changed at compile time
2020-06-06 16:39:41 -07:00
Taeho Kim
3d59a85dae
Upgrade local-path-storage to v0.0.14
2020-06-02 13:47:37 +00:00
Erik Wilson
43b9bf2e50
Merge pull request #1795 from StateFarmIns/support_for_setting_default_ssl_ciphers
...
Feature Request #1741 : Update to set default CipherSuites
2020-05-15 09:41:37 -07:00
Erik Wilson
d10d6f7fb3
Merge pull request #1762 from consideRatio/coredns-readinessprobe
...
coredns: readiness- and livenessProbe tweaks (~15s -> ~3s startup)
2020-05-15 09:40:54 -07:00
Chuck Schweizer
19c34bd12d
Update to set default CipherSuites
...
The default CipherSuites need to be set to disable the insecure TLS 1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Cipher
2020-05-13 08:34:45 -05:00
Chuck Schweizer
ca9c9c2e1e
Adding support for TLS MinVersion and CipherSuites
...
This will watch for the following kube-apiserver-arg variables and apply
them to the k3s kube-apiserver https listener.
--kube-apiserver-arg=tls-cipher-suites=XXXXXXX
--kube-apiserver-arg=tls-min-version=XXXXXXX
2020-05-07 09:27:09 -05:00
Erik Sundell
27ae2fb9c8
coredns: go generate
2020-05-07 16:21:46 +02:00
Darren Shepherd
cb4b34763e
Merge pull request #1759 from ibuildthecloud/background
...
Start kube-apiserver in the background
2020-05-06 21:50:48 -07:00
Darren Shepherd
e5fe184a44
Merge pull request #1757 from ibuildthecloud/separate-port
...
Add supervisor port
2020-05-06 21:32:45 -07:00
Darren Shepherd
072396f774
Start kube-apiserver in the background
...
In rke2 everything is a static pod so this causes a chicken and egg situation
in which we need the kubelet running before the kube-apiserver can be
launched. By starting the apiserver in the background this allows us to
do this odd bootstrapping.
2020-05-06 21:17:23 -07:00
Brad Davidson
71561ecda2
Use ClientCA for the signer controller
2020-05-06 16:51:35 -07:00
Darren Shepherd
f38082673d
Merge pull request #1753 from ibuildthecloud/prepull
...
Support prepulling images on start
2020-05-05 22:11:52 -07:00
Darren Shepherd
74bcf4da0b
Merge pull request #1756 from ibuildthecloud/less-logging
...
Only echo Waiting for kubelet every 30 seconds
2020-05-05 22:07:50 -07:00
Darren Shepherd
2f5ee914f9
Add supervisor port
...
In k3s today the kubernetes API and the /v1-k3s API are combined into
one http server. In rke2 we are running unmodified, non-embedded Kubernetes
and as such it is preferred to run k8s and the /v1-k3s API on different
ports. The /v1-k3s API port is called the SupervisorPort in the code.
To support this separation of ports a new shim was added on the client in
then pkg/agent/proxy package that will launch two load balancers instead
of just one load balancer. One load balancer for 6443 and the other
for 9345 (which is the supervisor port).
2020-05-05 15:54:51 -07:00
Darren Shepherd
afd6f6d7e7
Encapsulate execution logic
...
This moves all the calls to cobra root commands to one package
so that we can change the behavior of running components as embedded
or external.
2020-05-05 15:34:32 -07:00
Darren Shepherd
61ba9171ce
Only echo Waiting for kubelet every 30 seconds
...
Don't print a message every second while we are waiting for the
kubelet to report Ready.
2020-05-05 15:23:18 -07:00
Darren Shepherd
1d05e99769
Merge pull request #1752 from ibuildthecloud/disable-ccm
...
Don't write ccm.yaml if --disable-cloud-controller is set
2020-05-05 15:11:10 -07:00
Darren Shepherd
6932d03bb4
Support prepulling images on start
...
In the agent/images folder if a .txt file is found it is assumed to
be a line separated list of image names to pull on start.
2020-05-05 14:45:39 -07:00
Darren Shepherd
70ddc799bd
Merge pull request #1691 from ibuildthecloud/staticpod
...
Suppport static pods at ${datadir}/agent/staticpods
2020-05-05 14:35:45 -07:00
Darren Shepherd
341895c322
Don't write ccm.yaml if --disable-cloud-controller is set
2020-05-05 13:01:52 -07:00
Darren Shepherd
8c7fbe3dde
Suppport static pods at ${datadir}/agent/pod-manifests
2020-05-05 12:43:47 -07:00
Erik Wilson
39c3854648
Merge pull request #1720 from ilknarf/master
...
remove redundant Sprintf
2020-05-04 20:50:58 -07:00
Erik Wilson
c71561129e
Merge pull request #1716 from ibuildthecloud/debugpublic
...
Make debug variable public to be used by wrapper programs
2020-05-04 20:50:36 -07:00
Erik Wilson
c941e1d0bb
Merge pull request #1695 from ibuildthecloud/kubeproxy
...
Add ability to disable kubeproxy
2020-05-04 20:26:22 -07:00
Erik Wilson
df1725cb06
Merge pull request #1694 from ibuildthecloud/inittwice
...
Allow InitLogging to be called twice
2020-05-04 20:22:04 -07:00
Erik Wilson
2fb5bad3e8
Merge pull request #1704 from ibuildthecloud/x509-admin
...
No longer use basic auth for default admin account
2020-05-04 20:21:12 -07:00
Erik Wilson
21eabd902b
Merge pull request #1693 from ibuildthecloud/disableditem
...
Move disabled items to a const to keep more consistency
2020-05-04 20:16:42 -07:00
Erik Wilson
21266bab7e
Merge pull request #1692 from ibuildthecloud/err
...
Check for error on mkdir
2020-05-04 20:16:20 -07:00
Erik Wilson
ed8cd9250b
Merge pull request #1690 from ibuildthecloud/flannel
...
Only need to resolve the path of host-local if Flannel is enabled
2020-05-04 20:15:59 -07:00
Erik Wilson
47bb0939e6
Merge pull request #1611 from Dirbaio/master
...
Correctly quote auth strings in containerd config. For #1610
2020-05-04 19:27:17 -07:00
Frank
a18d94e5f9
remove redundant Sprintf
2020-04-30 10:48:12 -05:00
Darren Shepherd
56770ff2cc
Make debug variable public to be used by wrapper programs
2020-04-29 11:37:59 -07:00
Darren Shepherd
3c8e0b4157
No longer use basic auth for default admin account
2020-04-28 16:01:33 -07:00
Darren Shepherd
5715e1ba0d
Add ability to disable kubeproxy
2020-04-27 11:24:00 -07:00
Darren Shepherd
7920fa48c9
Only need to resolve the path of host-local if Flannel is enabled
2020-04-27 11:17:41 -07:00
Darren Shepherd
8cc9efdf7c
Allow InitLogging to be called twice
...
This makes it a bit easier to embed k3s into another go program
2020-04-27 11:16:08 -07:00
Darren Shepherd
8b8af94eb2
Move disabled items to a const to keep more consistency
...
This also help when embedding k3s because we can programmitically know
all the components to disable.
2020-04-27 11:15:35 -07:00
Darren Shepherd
c25f1ab1b6
Check for error on mkdir
2020-04-27 11:14:21 -07:00
Darren Shepherd
130e6e31a1
Merge pull request #1664 from KnicKnic/windows-18-build
...
fix build windows v1.18
2020-04-27 09:23:32 -07:00
Darren Shepherd
e4f87f51e2
Merge pull request #1681 from KnicKnic/fix_file_paths
...
fix usage of path instead of filepath
2020-04-27 09:21:48 -07:00
Darren Shepherd
7d06d2ccc1
Merge pull request #1653 from KnicKnic/enable_agent_windows
...
enable agent to start on windows
2020-04-27 09:05:12 -07:00
Knic Knic
44b8af097c
fix usage of path instead of filepath
2020-04-25 00:29:18 -07:00
Erik Wilson
2c49341113
Merge pull request #1669 from erikwilson/manifest-mod-time
...
Check modification time before deploying manifests
2020-04-23 14:17:14 -07:00
galal-hussein
1d6b83d8a4
go generate
2020-04-23 02:42:12 +02:00
Erik Wilson
fec2c271c2
Check modification time before deploying manifests
2020-04-22 09:58:41 -07:00
Knic Knic
d919a0b998
Mock out rootlessports on windows
2020-04-21 15:43:36 -07:00
Darren Shepherd
dfcbd5a3c1
Update generated code
2020-04-18 23:59:08 -07:00
Darren Shepherd
a8d96112d9
Updates for k8s v1.18 support
2020-04-18 23:59:08 -07:00
Knic Knic
7f77c9a3c8
enable agent to start on windows
2020-04-18 23:43:08 -07:00
Dario Nieuwenhuis
cd0b58e920
Correctly quote auth strings in containerd config. Fixes #1610
2020-04-03 02:42:01 +02:00
louis
f2a4e1d57d
feat: add master taint toleration to klipper, coredns, metrics-server, traefik and local-storage
2020-03-25 19:11:10 +01:00
galal-hussein
2b6faa925f
use mirrored images for traefik and coredns
2020-03-23 19:00:30 +02:00
galal-hussein
356fe006a2
Add asterisks for omitted values in nodeconfig
2020-03-12 20:18:56 +02:00
galal-hussein
3f927d8006
Revert "Replace traefik with nginx"
...
This reverts commit 9a17033095
.
2020-03-11 01:45:23 +02:00
galal-hussein
c4f18227fc
default backend multiarch
2020-03-09 23:52:04 +02:00
galal-hussein
717b5a765e
use multiarch image for nginx
2020-03-07 00:19:32 +02:00
Erik Wilson
ceff3f58fb
Merge pull request #1466 from galal-hussein/traefik_to_nginx
...
Replace traefik with nginx
2020-03-02 15:04:09 -07:00
galal-hussein
9a17033095
Replace traefik with nginx
2020-03-03 00:00:39 +02:00
Erik Wilson
8725798578
Merge pull request #1464 from erikwilson/selinux-update
...
Simplify SELinux detection and add --disable-selinux flag
2020-02-28 15:42:45 -07:00
Erik Wilson
a3cb9ee1f6
Simplify SELinux detection and add --disable-selinux flag
2020-02-28 10:10:55 -07:00
Erik Wilson
0aeea78060
Merge pull request #1444 from KnicKnic/k3s_build_windows
...
K3s build windows (no agents)
2020-02-27 11:46:21 -07:00
Darren Shepherd
4d32fe9959
Support SELinux
2020-02-24 16:03:09 -07:00
Erik Wilson
4210800648
Merge pull request #1343 from ibuildthecloud/rootless
...
Create pidns for rootless
2020-02-24 15:05:52 -07:00
Knic Knic
c2db115ec3
fix formatting
2020-02-23 00:48:26 -08:00
Knic Knic
2346ccc63f
get build on windows and get api_server to work
2020-02-22 23:17:59 -08:00
Knic Knic
522e08872a
do not rename inuse files
2020-02-21 22:45:05 -08:00
Erik Wilson
fe45eb008a
Merge pull request #1416 from erikwilson/device-plugins-path
...
Use default kubelet device-plugins path
2020-02-14 14:19:51 -07:00
galal-hussein
d49ef31767
Inject node config on startup
2020-02-14 21:17:13 +02:00
Erik Wilson
b15c4473cd
Use default kubelet device-plugins path
2020-02-14 10:18:07 -07:00
Darren Shepherd
782004bec9
Create pidns for rootless
2020-01-31 21:40:34 -07:00
Erik Wilson
0374c4f63d
Add --disable flag
2020-01-30 16:45:01 -07:00
Erik Wilson
3592d0bdd9
Merge pull request #1344 from ibuildthecloud/dialer-fallback
...
If tunnel session does not exist fallback to default dialer
2020-01-27 13:59:45 -07:00
Erik Wilson
1a2690d7be
Merge pull request #1192 from galal-hussein/add_encryption_config
...
Add secret encryption config
2020-01-27 13:59:09 -07:00
Darren Shepherd
bf57a7f419
Don't start node controller if coredns is not deployed
2020-01-22 11:09:36 -07:00
Darren Shepherd
3396a7b099
If tunnel session does not exist fallback to default dialer
2020-01-22 11:04:41 -07:00
Erik Wilson
1b23c891dd
Merge pull request #1304 from erikwilson/fixup-cadvisor
...
Run kubelet with containerd flag
2020-01-20 15:37:22 -07:00
Erik Wilson
4cacffd7e6
Merge pull request #1298 from erikwilson/warn-npc-fail
...
Warn if NPC can't start rather than fatal error
2020-01-20 15:36:56 -07:00
Erik Wilson
fa03a0df3c
Run kubelet with containerd flag
...
The containerd flag was accidentally added to kubelet and is
deprecated, but needed for cadvisor to properly connect with
the k3s containerd socket, so adding for now.
2020-01-16 10:25:57 -07:00
Erik Wilson
5b98d10e4b
Warn if NPC can't start rather than fatal error
...
If the ip_set kernel module is not available we should warn
that the network policy controller can not start rather than
cause a fatal error.
Also adds module probing and config checks for ip_set.
2020-01-14 14:30:12 -07:00
Erik Wilson
7675f9f85c
Clean up host-gw variable names
2020-01-08 17:43:07 -07:00
Segator
c23f12765e
hostgw flannel support
2020-01-08 17:43:07 -07:00
Segator
6736e24673
support hostgw
2020-01-08 17:43:07 -07:00
Erik Wilson
9421746ccf
Merge pull request #1235 from ibuildthecloud/master
...
Fix uint64 truncation issue in dqlite
2019-12-23 13:56:18 -07:00
galal-hussein
388cd9c4e8
Add secret encryption configuration
2019-12-23 13:16:27 +02:00
Darren Shepherd
9bda58c81a
Fix uint64 truncation issue in dqlite
2019-12-21 08:51:39 -07:00
galal-hussein
07d4c1510d
Add lease permissions to ccm cluster role
2019-12-21 04:41:24 +02:00
Erik Wilson
5c37454762
Merge pull request #1198 from narqo/tunel-addr-join-host-port
...
Respect IPv6 when building proxy address
2019-12-19 15:20:12 -07:00
Erik Wilson
9b2538c2c4
Set wireguard persistent-keepalive on wg set peer
2019-12-19 14:54:48 -07:00
Erik Wilson
3376f31fc2
Revert "Merge pull request #1190 from erikwilson/wireguard-keepalive"
...
This reverts commit e712cdf7e8
, reversing
changes made to d5929bc8c8
.
Wireguard docs fail to describe that persistent-keepalive is only valid
when peer is set.
2019-12-19 14:41:38 -07:00
Vladimir Varankin
0c5299c951
pkg/agent/tunnel: respect ipv6 when building proxy addresses
2019-12-19 12:08:07 +01:00
Erik Wilson
6875b11dd2
Fix identity_token -> identitytoken for containerd toml
2019-12-17 21:14:05 -07:00
Darren Shepherd
4acaa0740d
Small dqlite fixes
2019-12-16 11:45:01 -07:00
Erik Wilson
97383868bd
Merge pull request #1186 from erikwilson/upgrade-k8s-1.17.0
...
Upgrade k8s to v1.17.0
2019-12-16 09:40:38 -07:00
Erik Wilson
e712cdf7e8
Merge pull request #1190 from erikwilson/wireguard-keepalive
...
Set Wireguard keepalive to 25 seconds
2019-12-16 09:40:11 -07:00
Erik Wilson
5679a8bd2f
Update generated
2019-12-15 23:28:19 -07:00
Erik Wilson
76281bf731
Update k3s for k8s 1.17.0
2019-12-15 23:28:19 -07:00
Erik Wilson
814c302d7c
Merge pull request #955 from btashton/servicelb-sysctl
...
Enable ip forwarding on both all and default net config
2019-12-12 17:31:02 -07:00
Erik Wilson
7b62811f98
Set Wireguard keepalive to 25 seconds
2019-12-12 10:40:41 -07:00
Erik Wilson
d4959d53af
Merge pull request #1182 from erikwilson/docker-pause-image
...
Allow --pause-image to set docker sandbox image also
2019-12-11 10:36:07 -07:00
Erik Wilson
2eacfa75cb
Merge pull request #1180 from erikwilson/cleanup-flannel-backend-help-text
...
Cleanup --flannel-backend help text
2019-12-11 10:35:50 -07:00
Erik Wilson
56b0743653
Merge pull request #1171 from dweomer/mutable-labels
...
Mutable --node-label values for server/agent sub-commands.
2019-12-11 10:35:27 -07:00
Erik Wilson
c2be59e5f3
Allow udp protocol for service-lb ports
...
For #577
2019-12-11 10:34:11 -07:00
Brennan Ashton
a952d5c32a
Default device net config enables ip forwarding
...
The Linux kernel is inconsistent about how devconf is configured for new
network namespaces between ipv4 and ipv6. The behavior can also be
controlled via net.core.devconf_inherit_init_net in Linux 5.1+ so make
sure to enable forwarding on all and default for both ipv6 and ipv4.
This issue first came up testing on a yocto kernel that had this patch:
ipv4: net namespace does not inherit network configurations
[0] https://www.kernel.org/doc/html/latest/admin-guide/sysctl/net.html#devconf-inherit-init-net
[1] https://lkml.org/lkml/2014/7/29/119
Signed-off-by: Brennan Ashton <brennana@jfrog.com>
2019-12-10 16:29:59 -08:00
Erik Wilson
2de93d70cf
Allow --pause-image to set docker sandbox image also
2019-12-10 16:16:26 -07:00
Erik Wilson
11e4d01efe
Cleanup --flannel-backend help text
2019-12-10 14:51:16 -07:00
Jacob Blain Christen
063efb25bb
Mutable --node-label values for server/agent sub-commands.
...
Values passed in via the server/agent `--node-label` flag are treated as mutable. They are passed through to the kubelet just as before but after the kubelet comes up they are applied again. This allows for passing labels a k3s start-time that may be necessary for scheduling but may change from boot to boot, e.g. `k3os.io/version` after an upgrade.
Tested locallon on my amd64 workstation with the docker container.
Addresses #1119 .
2019-12-09 16:40:15 -07:00
yuzhiquan
24869ddf21
remove []byte trans, handle func error
2019-11-28 19:26:45 +08:00
yuzhiquan
7cc0110081
fix typo
2019-11-28 19:24:19 +08:00
Erik Wilson
ce3a03a16a
Merge pull request #1111 from dduportal/patch-1
...
Bump Traefik to 1.7.19
2019-11-26 15:29:57 -07:00
dduportal
9598a527a2
Regenerate bindata
...
Signed-off-by: dduportal <1522731+dduportal@users.noreply.github.com>
2019-11-26 17:21:22 +01:00
Guangbo Chen
8ff4c3c256
Update base pause image to rancher repo
2019-11-25 16:09:05 +08:00
galal-hussein
99b8222e8d
Change storage to datastore
2019-11-15 21:52:07 -07:00
Darren Shepherd
c2e7f9c7b0
Add logging parameters
2019-11-15 21:51:51 -07:00
Darren Shepherd
4e544bded2
Delete unused code
2019-11-15 21:51:51 -07:00
Darren Shepherd
ff34c5c5cf
Download cert/key to agent with single HTTP request
...
Since generated cert/keys are stored locally, each server has a different
copy. In a HA setup we need to ensure we download the cert and key from
the same server so we combined HTTP requests to do that.
2019-11-15 21:51:51 -07:00
Erik Wilson
95ff805c98
Fix broken K3S_TOKEN env
2019-11-14 12:42:42 -07:00
Darren Shepherd
77703b90ff
Don't ever change 10252/10251 ports
...
Kubernetes componentstatus check is hardcoded to 10252 and 10251
so we should never change these ports. If you do componentstatus
will return error.
2019-11-13 18:20:57 -07:00
Erik Wilson
d4151b7739
Add the --with-node-id flag to agent
2019-11-13 16:13:41 -07:00
Erik Wilson
670d4b4162
Merge pull request #914 from erikwilson/validation-utilities
...
Add check-config for system validation
2019-11-13 09:00:08 -07:00
Erik Wilson
a73f8b1773
Update check-config.sh for k3s
2019-11-13 08:34:24 -07:00
Darren Shepherd
9a4df7c05c
Merge pull request #1058 from ibuildthecloud/master
...
Update kine/dynamiclistener
2019-11-13 15:31:48 +00:00
Darren Shepherd
6063317144
Add a couple more known SANs
2019-11-13 06:05:31 +00:00
Erik Wilson
e4b3730fa2
Go DNS lookup order hack
2019-11-12 20:16:31 -07:00
Erik Wilson
d383d1b47e
Merge pull request #1054 from erikwilson/sort-deployments
...
Use lexical (sorted) order for file deployments
2019-11-12 16:51:24 -07:00
Erik Wilson
b298733b3f
Use lexical (sorted) order for file deployments
2019-11-12 16:05:09 -07:00
Erik Wilson
55c05ac500
Refactor node password location
2019-11-12 15:30:34 -07:00
Erik Wilson
eff502342a
Fix node-passwd on upgrade missing 3 columns
2019-11-12 13:16:05 -07:00
Darren Shepherd
3e213d1347
Allow --debug to be set with K3S_DEBUG env var
2019-11-12 08:22:48 +00:00
Darren Shepherd
668fcf7e83
Fix broken --cluster-reset
2019-11-12 01:12:24 +00:00
Darren Shepherd
b2439788d7
Reduce logging in dqlite
2019-11-12 01:12:24 +00:00
Darren Shepherd
0ae20eb7a3
Support both http and db based bootstrap
2019-11-12 01:12:24 +00:00
Darren Shepherd
3f5fb70116
Move server arguments to experimental for dqlite related
2019-11-12 01:12:24 +00:00
Darren Shepherd
29b270dce6
Wait for apiserver to be health, not just running
2019-11-12 01:09:33 +00:00
Darren Shepherd
e2431bdf9d
Add dqlite support
2019-11-10 03:49:56 +00:00
Darren Shepherd
53d3ab074c
Shrink k3s wrapper binary
2019-11-08 21:35:58 +00:00
Darren Shepherd
91cacb3a14
Fix server join issues
2019-11-08 21:35:58 +00:00
Erik Wilson
e9a11c7cc4
Update generated code
2019-11-05 14:34:09 -07:00
Erik Wilson
47a94637dc
Move metrics-server manifests to sub-directory
2019-11-05 14:30:50 -07:00
Erik Wilson
01f6e0e64e
Add context to server daemon functions that wait
2019-11-05 11:06:07 -07:00
larmog
7aa3d08385
Wait for api-server to report version after starting
2019-11-05 11:05:22 -07:00
Erik Wilson
c4eb6ea3ef
Update generated data
2019-11-05 10:11:21 -07:00
Erik Wilson
0fef39de65
Add default multi-arch metrics-server deployment
2019-11-05 10:11:08 -07:00
Erik Wilson
931f63073f
Merge pull request #899 from mrueg/coredns-ready
...
coredns: Add readinessProbe
2019-11-04 14:25:45 -07:00
Erik Wilson
2bbc356f65
Merge pull request #1008 from erikwilson/ip6-system-setup
...
Improve ip6 system setup & utilities
2019-11-04 14:24:55 -07:00
Erik Wilson
afa9422ad9
Improve ip6 system setup & utilities
2019-11-04 11:35:14 -07:00
Darren Shepherd
609c5e5f51
Update generated code
2019-10-30 19:08:26 -07:00
Darren Shepherd
ba240d0611
Refactor tokens, bootstrap, and cli args
2019-10-30 19:06:49 -07:00
Manuel Rüger
e8ca18ab2b
coredns: Add readinessProbe
2019-10-29 11:51:36 +01:00
Erik Wilson
8a8fa8a351
Update go generated data
2019-10-28 16:10:36 -07:00
YAMAMOTO Takashi
4970d6133f
Propagate DisableAgent flag
...
The recent setMasterRoleLabel stuff uses it.
2019-10-28 14:43:53 +09:00
Erik Wilson
f648a64ee3
Merge pull request #923 from AkihiroSuda/fix-rootless-kubelet-flags
...
rootless: add kubelet flags automatically
2019-10-25 01:40:06 -07:00
Akihiro Suda
aafccdbccb
rootless: add kubelet flags automatically
...
Fix https://github.com/rancher/k3s/issues/784
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-10-25 17:10:14 +09:00
Erik Wilson
ad4ea681ce
Hide the --disable-agent flag
2019-10-24 21:51:58 -07:00
Erik Wilson
1cd3786a6a
Merge pull request #952 from btashton/bump-klipper-lb
...
Bump klipper-lb version
2019-10-24 21:30:06 -07:00
Brennan Ashton
af7dc09f5c
Bump klipper-lb version
...
Signed-off-by: Brennan Ashton <brennana@jfrog.com>
2019-10-24 14:01:47 -07:00
Erik Wilson
aed163b338
Remove trailing whitespace trimming from containerd template
2019-10-23 08:02:07 -07:00
Erik Wilson
2ff2baba49
Merge pull request #913 from erikwilson/kube-router-network-policy
...
Add network policy support
2019-10-18 16:14:18 -07:00
Erik Wilson
da3a7c6bbc
Add network policy controller
2019-10-18 16:11:42 -07:00
Erik Wilson
1df72d14b8
Cleanup containerd config template spacing
2019-10-18 12:34:27 -07:00
Erik Wilson
90df4a1921
Use containerd-shim-run-v2
2019-10-18 12:34:27 -07:00
Erik Wilson
12307a4a69
Fallback to /etc/strongswan for config
...
Needed for docker image
2019-10-17 22:38:48 -07:00
Darren Shepherd
30c14a4db6
Merge pull request #901 from erikwilson/default-kubelet-dir
...
Use default kubelet directory
2019-10-17 16:49:11 -07:00
Erik Wilson
0ee586c233
Merge pull request #894 from galal-hussein/fix_master_label_ha
...
Fix Master label in HA setups
2019-10-16 16:31:12 -07:00
Erik Wilson
265181715a
Merge pull request #892 from iwilltry42/master
...
[Enhancement] include subdirectories for auto-deploy manifests
2019-10-16 16:30:35 -07:00
Erik Wilson
9e14d3e470
Merge pull request #851 from MagnaXSoftware/switch-string-slice
...
Add comma-separated no-deploy values
2019-10-16 16:00:46 -07:00
galal-hussein
7c60285435
Fix master role label in ha setups
2019-10-16 21:55:40 +02:00
Xavier Landreville
2f4a08c54d
Add comma-separated no-deploy values
...
This allows no-deploy values to be either specified as multiple --no-deploy invocations,
or a single invocation with comma-separated values.
2019-10-16 15:51:04 -04:00
galal-hussein
d2c1f66496
Add k3s cloud provider
2019-10-16 21:13:15 +02:00
Erik Wilson
c72ef62d2c
Use default kubelet directory
2019-10-15 10:47:03 -07:00
Thorsten Klein
50017c39a2
include subdirectories for auto-deploy manifests
2019-10-11 12:59:37 +02:00
Erik Wilson
c12d2a1aea
Merge pull request #867 from galal-hussein/private_reg
...
Add private registry support to containerd
2019-10-10 14:35:37 -07:00
galal-hussein
436ff4ef63
fix cert rotation function
2019-10-10 03:35:32 +02:00
galal-hussein
5ccc880ddb
Add private registry to containerd
2019-10-08 01:54:53 +02:00
Erik Wilson
cac41db0e1
Merge pull request #816 from galal-hussein/default_local_storage
...
Add default storage class
2019-10-01 14:09:24 -07:00
galal-hussein
2dc5ba5bae
Add certificate rotation
2019-09-30 18:34:58 +02:00
galal-hussein
56e0e5ad7e
Add default local storage provisioner
2019-09-30 18:17:33 +02:00
Erik Wilson
6f7a1a70fa
Label new flannel flags as experimental
2019-09-27 18:33:05 -07:00
Erik Wilson
0af32bba75
Use newest flannel API
2019-09-27 18:33:05 -07:00
Erik Wilson
999e40d6d3
Add strongswan utilities for ipsec
2019-09-27 18:26:39 -07:00
Erik Wilson
959acf9c92
Add --flannel-backend flag
2019-09-27 18:26:39 -07:00
Erik Wilson
359a77939c
Enable hairpin mode
2019-09-27 18:26:39 -07:00
Erik Wilson
36fa425d45
Enable extension and ipsec flannel backends
2019-09-27 18:26:39 -07:00
Erik Wilson
3cd807a657
Add --flannel-conf flag
2019-09-27 18:26:39 -07:00
Darren Shepherd
8dcc09f7be
Update generated code
2019-09-27 16:54:37 -07:00
galal-hussein
b1891f445b
Add master role label on startup
2019-09-27 23:04:24 +02:00
Erik Wilson
db9540aa10
Bump CoreDNS to v1.6.3
2019-09-18 17:11:04 -07:00
Darren Shepherd
36ca606073
Merge pull request #793 from yamt/noderestriction
...
Add back NodeRestriction
2019-09-07 12:07:01 -07:00
Darren Shepherd
df1f4551cb
Update generated code
2019-09-05 15:16:44 -07:00
YAMAMOTO Takashi
9cf80eacd9
Add back NodeRestriction
...
It has been removed as a part of #764 for no obvious reasons.
Fix #791
2019-09-05 15:47:46 +09:00
Erik Wilson
197985c673
Add --kubelet-certificate-authority flag
2019-09-02 10:49:23 -07:00
Darren Shepherd
209acb58c1
Revert CSI patch
2019-08-31 22:39:24 -07:00
Darren Shepherd
8f597ba168
Don't run leader elections on controllers when no leader election
2019-08-28 20:53:40 -07:00
Darren Shepherd
f0382329a5
Drop openapi hack
2019-08-28 20:53:39 -07:00
Darren Shepherd
f34329f4f1
Wrong import
2019-08-28 20:53:39 -07:00
Darren Shepherd
f57dd13774
Default kube-apiserver to httpsport + 1
2019-08-28 20:53:38 -07:00
Darren Shepherd
9c8b95be9d
Drop unneeded prometheus imports
2019-08-28 20:53:37 -07:00
Darren Shepherd
a51a2eaaad
Add anonymous-auth=false and remove NodeRestriction
2019-08-28 20:53:37 -07:00
Darren Shepherd
b24f214a50
Update to new cri-api import
2019-08-28 20:53:36 -07:00
Manuel Zapf
50227ff894
bump traefik version to 1.7.14 ( #769 )
...
* bump traefik version
2019-08-28 20:21:07 -07:00
Erik Wilson
a5238098d1
Merge pull request #752 from carlosedp/patch-1
...
Enable metrics endpoint to Traefik
2019-08-26 21:26:02 -07:00
Erik Wilson
5679cfafaf
Merge pull request #707 from ibuildthecloud/pr683
...
Integrate Kine
2019-08-26 09:25:37 -07:00
Darren Shepherd
2cb6f52339
Disable storing bootstrap information by default
2019-08-24 22:27:24 -07:00
Carlos Eduardo
993e6a1950
Enable metrics endpoint to Traefik
2019-08-22 19:42:58 -03:00
Erik Wilson
e6067314c9
Localhost -> 127.0.0.1
2019-08-22 11:56:00 -07:00
galal-hussein
1ae0c540d7
Refactor bootstrap, move kine startup code to kine, integrate kine
2019-08-22 09:14:43 -07:00
Erik Wilson
a76ca2e887
Remove hostname requirement in `/etc/hosts`
2019-08-21 22:56:20 -07:00
William Zhang
458cea6633
Update traefik to 1.7.12
...
Signed-off-by: William Zhang <warmchang@outlook.com>
2019-08-20 02:35:07 +00:00
Darren Shepherd
99716deb08
Merge pull request #705 from yamt/cg
...
Appease kubelet warnings on docker for mac
2019-08-15 17:13:14 -07:00
Darren Shepherd
63dfc168d7
Merge pull request #718 from erikwilson/log-update
...
Cleanup logging
2019-08-15 17:12:29 -07:00
William Zhang
bdb8550638
🔧 jteeuwen/go-bindata --> go-bindata/go-bindata
...
Signed-off-by: William Zhang <warmchang@outlook.com>
2019-08-12 03:24:03 +00:00
Erik Wilson
c849525a27
Merge pull request #722 from erikwilson/debug-lb-logs
...
Change load balancer logging to debug
2019-08-09 14:12:31 -07:00
Erik Wilson
98254a3412
Change load balancer logging to debug
2019-08-08 10:48:11 -07:00
Erik Wilson
30e050a692
Cleanup logging
2019-08-07 22:45:54 -07:00
Erik Wilson
3c342e22a6
Fix panic in node controller
2019-08-06 10:42:42 -07:00
YAMAMOTO Takashi
fc8eddae29
Appease kubelet warnings on docker for mac
...
On my environment, the name=systemd entry in /proc/self/cgroup
looks like:
13:name=systemd:/docker/917b388b40c70b17a3283d852d38bfcdc84d1bf8242e32a779eacd98a610e499
Kubelet periodically complains like:
E0802 06:42:52.667123 1 summary_sys_containers.go:47] Failed to get system container stats for "/docker/917b388b40c70b17a3283d852d38bfcdc84d1bf8242e32a779eacd98a610e499/kube-proxy": failed to get cgroup stats for "/docker/917b388b40c70b17a3283d852d38bfcdc84d1bf8242e32a779eacd98a610e499/kube-proxy": failed to get container info for "/docker/917b388b40c70b17a3283d852d38bfcdc84d1bf8242e32a779eacd98a610e499/kube-proxy": unknown container "/docker/917b388b40c70b17a3283d852d38bfcdc84d1bf8242e32a779eacd98a610e499/kube-proxy"
2019-08-02 16:22:51 +09:00
Erik Wilson
c170115c54
Merge pull request #676 from erikwilson/go-proxy
...
Add go load-balancing proxy
2019-08-01 16:03:41 -07:00
Erik Wilson
5deef13086
Merge pull request #687 from yamt/cacerts
...
Simplify startWrangler a bit
2019-08-01 16:01:42 -07:00
Erik Wilson
be0cc6e943
Merge pull request #690 from erikwilson/regenerate-certs-on-ca-change
...
Regenerate server certs if CA changed
2019-08-01 15:59:54 -07:00
Erik Wilson
739e4214bd
Merge pull request #693 from yamt/insecure-bootstrap
...
Fix bootstrap with non-tls etcd
2019-07-31 14:18:35 -07:00
Erik Wilson
506d8cdcc3
Merge pull request #691 from erikwilson/early-return-routes
...
Fix missing early returns on routes
2019-07-31 14:12:09 -07:00
YAMAMOTO Takashi
d78701acb1
Fix bootstrap with non-tls etcd
2019-07-31 16:14:13 +09:00
Erik Wilson
fdb997b4ee
Fix missing early returns on routes
2019-07-30 15:44:34 -07:00
Erik Wilson
a74d9e5282
Regenerate server certs if CA changed
2019-07-30 14:55:25 -07:00
Erik Wilson
a17e336993
Use go tcpproxy
2019-07-30 09:53:15 -07:00
YAMAMOTO Takashi
88e668cf6f
Simplify startWrangler a bit
...
We no longer make dynamiclistener generate CA certs.
2019-07-30 10:16:45 +09:00
YAMAMOTO Takashi
07eeb56d81
Remove pkg/proxy which is no longer used
2019-07-29 12:49:13 +09:00
YAMAMOTO Takashi
35d972fd72
Sort args to make log outputs a bit more deterministic
2019-07-24 13:16:41 +09:00
Erik Wilson
1833b65fcd
Merge pull request #647 from yamt/remove-proxy-port
...
Remove agent proxy config which is no longer used
2019-07-23 15:51:51 -07:00
Erik Wilson
e1162c7cfa
Update agent to notify systemd
2019-07-18 06:40:39 -07:00
Erik Wilson
8ce509ee6b
Cleanup tunnel logs
2019-07-18 05:00:07 -07:00
Erik Wilson
23b0797578
Add context to tunnel connect
2019-07-17 18:15:15 -07:00
Erik Wilson
b93b4732eb
Start endpoint tunnel watch before waiting
2019-07-17 17:13:40 -07:00
Erik Wilson
2d32337334
Merge pull request #650 from erikwilson/update-bootstrap
...
Bootstrap node key files & fix permissions
2019-07-17 14:22:05 -07:00
Erik Wilson
2f4d2838ea
Bootstrap node key files & fix permissions
2019-07-17 13:57:33 -07:00
YAMAMOTO Takashi
dc4ebd4c67
Remove agent proxy config which is no longer used
2019-07-17 18:05:16 +09:00
YAMAMOTO Takashi
f6a04ea995
Add a few comments in bootstrap.go
2019-07-17 16:25:34 +09:00
Erik Wilson
f6701bbe99
Merge pull request #634 from erikwilson/enforce-type-on-bootstrap
...
Enforce explicit read or write for bootstrap
2019-07-14 00:52:37 -07:00
Erik Wilson
fdc1427317
Add more logs for bootstrap
2019-07-14 00:49:08 -07:00
Erik Wilson
e77dc568bb
Cleanup tunnel
2019-07-14 00:29:21 -07:00
Erik Wilson
34fc4d0336
Merge pull request #629 from erikwilson/update-remotedialer
...
Update remotedialer & tunnel logs
2019-07-12 16:22:10 -07:00
Erik Wilson
131f3bec44
Merge pull request #619 from erikwilson/node-ip-from-flannel-iface
...
Default node-ip from flannel-iface
2019-07-12 16:21:05 -07:00
Erik Wilson
e79fda96d2
Enforce explicit read or write for bootstrap
2019-07-12 16:18:53 -07:00
Erik Wilson
a1ce08d4f1
Default node-ip from flannel-iface
2019-07-12 15:46:36 -07:00
Erik Wilson
7e6664b684
Add resource version to tunnel endpoint watch
2019-07-12 15:38:49 -07:00
Erik Wilson
034a863696
Cleanup remotedialer tunnel logs
2019-07-12 15:38:49 -07:00
Erik Wilson
403e73ab1c
Merge pull request #633 from ibuildthecloud/wrangler
...
Update wrangler
2019-07-12 11:11:36 -07:00
Darren Shepherd
37a60b18ca
Update wrangler
2019-07-12 10:21:15 -07:00
Darren Shepherd
dbb7b04c3d
Add option to disable scheduler
2019-07-12 09:59:03 -07:00
Erik Wilson
185a8dca13
Merge pull request #615 from erikwilson/master
...
Use watch-cache for kvsql
2019-07-07 14:46:08 -07:00
Erik Wilson
ad11ba583f
Use watch-cache for kvsql
2019-07-07 14:43:43 -07:00
Erik Wilson
c32e6469a8
Revert "Merge pull request #607 from dramich/mockgen"
...
This reverts commit cb306b9378
, reversing
changes made to ebb12c74c6
.
2019-07-07 14:41:19 -07:00
Erik Wilson
e0212144e8
Tunnel agent to all servers
...
Watch the kubernetes endpoints to create a tunnel to all servers.
2019-07-03 13:11:54 -07:00
Dan Ramich
3d50502cae
Generated changes
2019-07-02 15:52:42 -07:00
Dan Ramich
760dd6b655
Disable mock generation
2019-07-02 15:36:43 -07:00
Erik Wilson
11a4c71f28
Use watch-cache for etcd3 backend
2019-07-01 14:09:25 -07:00
Erik Wilson
853708c8ba
Merge pull request #591 from erikwilson/add-ctr
...
Build & enable ctr with k3s server
2019-06-30 13:06:00 -07:00
Erik Wilson
24b73403c7
Cleanup bootstrap
2019-06-30 12:39:54 -07:00
Erik Wilson
ed72856d27
Build & enable ctr with k3s server
2019-06-30 09:30:25 -07:00
Erik Wilson
8d979d675e
Add tls support for etcd cert storage backend
2019-06-30 08:28:42 -07:00
Erik Wilson
4b540f8d94
Cleanup command help text
2019-06-28 18:18:03 -07:00
galal-hussein
37582b6fac
Add cert storage backend flag
2019-06-28 20:47:21 +02:00
galal-hussein
28d9d83be2
Add k3s HA bootstrap
2019-06-27 21:00:43 +02:00
Erik Wilson
7090a7d551
Move node password to separate file
2019-06-25 15:04:04 -07:00
Erik Wilson
29865fd9c9
Remove agent proxy
2019-06-25 15:04:04 -07:00
Erik Wilson
c9b62c9a90
Remove CA Certs/Key from listenerconfig storage
2019-06-25 15:04:04 -07:00
Erik Wilson
93f6690f26
Graceful upgrade token to server CA
2019-06-25 15:04:04 -07:00
Erik Wilson
1e035820bf
Generated data
2019-06-25 15:04:04 -07:00
Erik Wilson
2c9444399b
Refactor certs
2019-06-25 15:04:04 -07:00
Darren Shepherd
30c3c42f93
Add missing ConfigMap cache to helm apply
2019-06-19 13:32:14 -07:00
galal-hussein
94b5a22dda
Disable the svclb controller nodeploy for svclb is passed
2019-06-18 23:05:16 +02:00
Darren Shepherd
e0d2bd3e2d
Merge branch 'pr505'
2019-06-14 13:28:19 -07:00
Darren Shepherd
9f4e43fea6
Merge pull request #506 from AkihiroSuda/bump-up-rootlesskit
...
rootless: use built-in port driver
2019-06-14 13:23:14 -07:00
Erik Wilson
2b44679352
Generated data
2019-06-14 09:37:59 -07:00
galal-hussein
17d8708ca5
Add storage backend flags
2019-06-12 00:48:47 +02:00
Akihiro Suda
5a51a8de45
rootless: use built-in port driver
...
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-05-29 15:01:38 +09:00
Akihiro Suda
490d6aefe0
rootless: fix mounting /var/lib/cni
...
k3s was unable to start up when /var/lib/cni is missing on the host.
Fix https://github.com/rancher/k3s/issues/470
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-05-29 14:04:28 +09:00
Erik Wilson
199f673676
Merge pull request #479 from galal-hussein/add_storage_backend_options
...
Add MySQL and Postgress support
2019-05-28 16:57:38 -07:00
Darren Shepherd
7ee554013a
Update generated code
2019-05-26 22:35:57 -07:00
Darren Shepherd
d94a346a1e
Switch to wrangler-api and helm-controller
2019-05-26 22:32:24 -07:00
Darren Shepherd
c0702b0492
Port to wrangler
2019-05-26 22:28:50 -07:00
Darren Shepherd
16f7aaab66
Update vendor
2019-05-25 23:44:33 -07:00
Darren Shepherd
4b4dd1b59b
Merge pull request #454 from galal-hussein/node_labels_taints
...
Expose node labels and taints and add node roles
2019-05-25 00:39:55 +02:00
Darren Shepherd
a999cd43aa
Merge pull request #459 from galal-hussein/check_time
...
Check if server time before 1/1/1970
2019-05-25 00:38:53 +02:00
Darren Shepherd
0c18c5a92a
Merge pull request #461 from galal-hussein/fix_alternate_kubeconfig
...
Create symlink for kubeconfig when --write-kubeconfig is selected
2019-05-25 00:38:18 +02:00
Darren Shepherd
06b1acb324
Merge pull request #460 from galal-hussein/kubeconfig_readable
...
change permissions of kubeconfig and issue warning with kubectl wrapper
2019-05-25 00:36:30 +02:00
galal-hussein
e9cd8adbf6
Add Storage endpoint option
2019-05-16 01:05:24 +02:00
galal-hussein
4c6cf29e02
Create symlink for kubeconfig when --write-kubeconfig is selected
2019-05-10 21:08:28 +02:00
galal-hussein
483df6fd82
Check if server time before 1/1/1980
...
Check
2019-05-10 20:29:42 +02:00
Wenxuan Zhao
f0f57c1e44
Allow using built-in modules
...
Signed-off-by: Wenxuan Zhao <viz@linux.com>
2019-05-09 12:23:33 -07:00
galal-hussein
36bab003a3
Make kubeconfig not world readable and issue warning with kubectl wrapper
2019-05-09 00:54:52 +02:00
galal-hussein
930093dfe9
Expose node labels and taints and add node roles
2019-05-08 01:47:07 +02:00
Erik Wilson
b0e4228609
Merge pull request #434 from galal-hussein/add_no_proxy
...
Add no_proxy env to server
2019-05-03 15:20:13 -07:00
Erik Wilson
f7376ad979
Update proxy environment for helm controller
...
Add lowercase no_proxy and all_proxy/ALL_PROXY to environment for helm
2019-05-03 11:10:42 -07:00
galal-hussein
d9f958ceeb
Add no_proxy environment to server
2019-05-03 19:44:30 +02:00
haokang.ke
52f845ec84
Make pause image configurable ( #345 )
2019-05-03 10:36:12 -07:00
Darren Shepherd
ea94b1af77
Merge pull request #433 from erikwilson/fix-0.5.0-cert-upgrade-bug
...
Force upgrade of token node cert
2019-05-03 10:35:36 -07:00
Darren Shepherd
5c62dcbb4b
Merge pull request #435 from galal-hussein/svclb_upgrade
...
handle old service lb deployments
2019-05-03 10:34:12 -07:00
galal-hussein
1e33142f29
handle old service lb deployments
2019-05-03 14:51:02 +02:00
galal-hussein
5d8d9e610b
Add timeout to hostname check
2019-05-03 14:41:08 +02:00
Erik Wilson
d5ce19caae
Force upgrade of token node cert
2019-05-02 16:22:42 -07:00
Darren Shepherd
4ec051d032
Merge pull request #422 from galal-hussein/use_cni_with_docker
...
Add cni plugin to kubelet if docker is used
2019-05-02 10:45:34 -07:00
Darren Shepherd
9005fd5176
Merge pull request #423 from galal-hussein/change_threshold
...
Change the stderr threshold for cli
2019-05-02 10:45:21 -07:00
galal-hussein
7e1699cda0
Check if hostname is resolvable before running agent
2019-05-01 22:54:05 +02:00
galal-hussein
fae6df0df0
Change the stderr threshold for cli
2019-05-01 05:23:32 +02:00
galal-hussein
191ac9371a
Add cni plugin to kubelet if docker is used
2019-04-30 22:12:02 +02:00
Darren Shepherd
2950e81c23
Merge pull request #371 from warmchang/nf_conntrack
...
🔧 modprobe nf_conntrack
2019-04-26 16:01:13 -07:00
Darren Shepherd
9db91d7de3
Merge pull request #369 from erikwilson/node-dns
...
Node DNS & cert registration
2019-04-26 16:00:31 -07:00
Darren Shepherd
875ba289de
Merge pull request #375 from galal-hussein/schedule_svclb
...
Add node selector to service loadbalancer controller
2019-04-26 15:58:33 -07:00
Darren Shepherd
50f405ddfd
Merge pull request #376 from galal-hussein/fix_kubeletarg
...
Fix extra argument with multiple =
2019-04-26 15:57:16 -07:00
Erik Wilson
c9941895d6
Bind kubelet to all interfaces and use webhook auth
2019-04-26 15:02:30 -07:00
galal-hussein
f293e14645
Use NodeSelector when node label is enabled
2019-04-26 20:20:11 +02:00
Erik Wilson
305b596745
Remove node OnCreate
2019-04-26 10:50:33 -07:00
William Zhang
22bd3a3ce7
🔧 nf_conntrack module
...
Signed-off-by: William Zhang <zhang.wanmin@zte.com.cn>
2019-04-26 08:55:48 +08:00
galal-hussein
72d2edc0cb
Fix extra argument with multiple =
2019-04-25 22:49:03 +02:00
Darren Shepherd
9376c39adf
Merge pull request #381 from galal-hussein/containerd_tmpl
...
Add containerd config go template
2019-04-25 13:36:30 -07:00
galal-hussein
bdf8a355e1
Add containerd config go template
2019-04-25 22:17:34 +02:00
Darren Shepherd
6a43f63c70
Merge pull request #388 from galal-hussein/pass_proxy_variable_to_helm
...
Add proxy env to helm controller
2019-04-25 11:33:26 -07:00
Erik Wilson
f584197bba
Save password as text file
2019-04-25 10:53:21 -07:00
galal-hussein
b87684fcb9
Add proxy env to helm controller
2019-04-24 04:27:52 +02:00
Erik Wilson
e64c0298f2
Add cert per-node password authentication
2019-04-23 11:02:35 -07:00
Erik Wilson
055a574fee
Simplify DNS hosts creation
2019-04-22 16:13:16 -07:00
Erik Wilson
1b2db423de
Add node name to node cert generation
2019-04-19 18:20:34 +00:00
Erik Wilson
37dd5cbfd2
Generated data
2019-04-17 22:44:46 +00:00
Erik Wilson
31cf2bc9ee
Add coredns entries for nodes
2019-04-17 22:44:46 +00:00
galal-hussein
c42ea5ec89
Skip any file with no yaml yml or json suffix
2019-04-18 00:13:11 +02:00
Darren Shepherd
be24f837bb
Merge pull request #349 from erikwilson/missing-cgroup-pids-fix
...
Check for cgroup pids support
2019-04-15 15:52:07 -07:00
Erik Wilson
4bba04023d
Check for cgroup pids support
...
If cgroup pids are not supported add a feature-gates flag
SupportPodPidsLimit=false for kubelet.
2019-04-15 22:26:50 +00:00
Darren Shepherd
0e3711b8b7
Merge pull request #339 from km4rcus/cluster-domain-option
...
Add --cluster-domain option
2019-04-15 10:06:07 -07:00
Darren Shepherd
08c3d0d4ef
Merge pull request #250 from yoink00/master
...
Allow flannel interface to be specified on the command line
2019-04-15 10:01:22 -07:00
Stuart Wallace
2268e028a2
Add ability to override flannel interface
2019-04-12 21:06:43 +01:00
Marco Mancini
b445bad171
Add --cluster-domain option
2019-04-12 08:06:35 +02:00
galal-hussein
e5d8d72e59
Fix comment of bind address
2019-04-12 02:30:49 +02:00
Erik Wilson
c48739206a
Enable aggregation layer
...
Configure kube-apiserver, kubelets, and kube-proxy for use with
aggregation layer in order for metrics-server deployment to function
correctly.
2019-04-11 22:43:31 +00:00
Darren Shepherd
046a817818
Add rootless support
2019-04-09 10:38:04 -07:00
galal-hussein
7794528aa1
Add extra flags for server and agent components
2019-04-09 08:20:38 +02:00
Darren Shepherd
a11ac8cc40
Pull in parallel for CRI
2019-04-08 22:50:59 -07:00
Darren Shepherd
8010a24c91
Update generated code for k8s 1.14
2019-04-08 22:50:59 -07:00
Darren Shepherd
841f8d29e6
Ensure CSI is initialized properly when running agent and server combined
2019-04-08 22:50:59 -07:00
Darren Shepherd
3c7e103085
Updates for k8s 1.14
2019-04-08 22:50:59 -07:00
Darren Shepherd
9e80177443
Merge pull request #289 from galal-hussein/add_bind_address
...
Add bind address server config
2019-04-08 22:36:58 -07:00
galal-hussein
e8c5b2498c
Change address to bind-address for scheduler and api
2019-03-31 14:55:56 +02:00
galal-hussein
d255574150
Add bind address server config
2019-03-31 02:10:23 +02:00
Erik Wilson
bb14bcb595
Update generated data
2019-03-26 23:13:54 +00:00
Erik Wilson
a4df9f4ab1
Kubelet resolv.conf DNS update
...
Allow the kubelet resolv-conf flag to be set, or automatically
discovered from /etc/resolv.conf & /run/systemd/resolve/resolv.conf if
no loopback devices are present, or create our own which points to
nameserver 8.8.8.8
2019-03-26 23:13:54 +00:00
Erik Wilson
1d61576e54
Fix linting issues
2019-03-25 16:04:29 -07:00
Darren Shepherd
4463408819
Merge pull request #239 from takmatsu/add-hosts
...
Add tls-san flag
2019-03-25 09:54:21 -07:00
Darren Shepherd
9a57e6fd0f
Merge pull request #257 from mortenlj/master
...
Skip writing manifest when using `--no-deploy`
2019-03-25 09:51:16 -07:00
Erik Wilson
2768f559c1
Fix go fmt error
2019-03-24 12:19:05 -07:00
Morten Lied Johansen
9033891f88
Skip writing manifest when using `--no-deploy`
...
Instead of skipping the manifest when listing the directory, we now skip
creating it in the first place. This allows users to deploy manifests
that replaces the ones bundled, without having to come up with a new
name.
Fixes #230 .
2019-03-23 22:22:58 +01:00
Takeaki Matsumoto
3a6b305455
Change flag name and type
2019-03-23 17:34:55 +00:00
Erik Wilson
9645048a57
Update klipper-helm version
2019-03-22 06:05:26 +00:00
Erik Wilson
8d57fbd430
Change klipper-helm to PullIfNotPresent
...
PullAlways ImagePullPolicy causes issues with offline/airgap support,
so only pull if image is not already present.
2019-03-22 00:10:29 +00:00
Erik Wilson
e75e5171af
Generated bin data
2019-03-20 18:35:25 +00:00
Erik Wilson
ffcc9c0c9c
Package static assets
...
Include static Helm assets in the build process needed for air-gap
2019-03-20 18:35:25 +00:00
Erik Wilson
608f3a4e80
Serve static assets
...
Provide a static assets route for use with helm or other air-gap needs.
2019-03-20 00:24:27 +00:00
Takeaki Matsumoto
9551e1db21
Add advertise-address flag
...
In NAT or LB environment,
we need not just the certs for local ip, but also additional ips.
advertise-address flag enables to add optional ips.
2019-03-18 08:26:23 +00:00
Darren Shepherd
8649243d34
Merge pull request #229 from epicfilemcnulty/Skip-empty-yaml-objects
...
Do not process empty yaml objects (fixes #222 )
2019-03-17 13:01:40 -07:00
Erik Wilson
7e1abf28f1
Short port names for service load balancer
...
If a port name is longer than 15 characters we are unable to create
the associated service load balancer containers. Use our own short
name of `lb-port-{port}` to avoid naming issues.
For rancher/k3s/issues/90
2019-03-14 18:53:00 +00:00
Vladimir Zorin
d1348b9898
Trim whitespaces before checking if line is empty or comment
2019-03-14 14:12:02 +02:00
Vladimir Zorin
567532d74d
Do not process empty yaml objects ( fixes #222 )
2019-03-14 13:36:26 +02:00
Darren Shepherd
2771ae1ba9
Merge pull request #184 from ibuildthecloud/default-ns
...
Assign default namespace if not set in manifests
2019-03-07 13:04:50 -07:00
Darren Shepherd
937b379605
Merge pull request #183 from ibuildthecloud/helm
...
Various helm fixes
2019-03-07 13:04:42 -07:00
Darren Shepherd
9a862610ac
Merge pull request #177 from erikwilson/systemd-notify
...
Enable systemd ready notification for k3s server
2019-03-07 13:04:34 -07:00
Darren Shepherd
a649983228
Any change to helm chart values or values.yaml should upgrade
2019-03-07 13:01:21 -07:00
Darren Shepherd
769c1d5415
Fix manifest polling
2019-03-07 13:01:21 -07:00
Darren Shepherd
bef4115657
Assign default namespace if not set in manifests
2019-03-07 13:00:35 -07:00
Darren Shepherd
6e28ede2f8
Fix containerd debug log env var
2019-03-07 11:20:58 -07:00
Darren Shepherd
fe9a5b1601
Remove spurious error on start
2019-03-07 10:25:21 -07:00
Erik Wilson
107b5f3985
Enable systemd ready notification for k3s server
...
Disables k8s generic api server systemd ready notification and send
our own ready notification after server available and kubeconfig
available.
Make sure we unset the NOTIFY_SOCKET environment variable by passing
`true` to SdNotify so the agent can start containers.
2019-03-07 09:54:04 -07:00
Darren Shepherd
2f3da6af94
Merge pull request #175 from ldez/refactor/load-images
...
refactor: creates preloadImages function.
2019-03-07 09:46:27 -07:00
Fernandez Ludovic
e59bd5d489
refactor: creates loadImages function.
2019-03-07 01:45:52 +01:00
Vladimir Zorin
392cfb1231
Add basic templating support for manifests
2019-03-07 01:22:55 +02:00
Vladimir Zorin
44cce9a76f
Set ClusterDNS to ServiceCIDR network address + 10 when cluster-dns is not provided
2019-03-06 20:41:07 +02:00
Vladimir Zorin
7ad03ad8b0
Add cluster-dns server arg support
2019-03-06 13:16:04 +02:00
Vladimir Zorin
b8c3ff1dab
Add --service-cidr server arg support
2019-03-06 12:37:03 +02:00
Adam Liddell
b430513abf
Enforce lower case hostname for node, references #160
2019-03-05 18:34:24 +00:00
Darren Shepherd
4475456a83
Update pkg/agent/config/config.go
...
Co-Authored-By: juliens <julien.salleyron@gmail.com>
2019-03-04 23:23:17 +01:00
Julien Salleyron
164b89bce4
fix review.
2019-03-04 21:46:37 +01:00
Julien Salleyron
1895eec684
Preload images
2019-03-04 21:34:24 +01:00
Darren Shepherd
0414f97c78
Revert "Enable systemd ready notification for k3s server"
...
This reverts commit c73e9187bb
.
2019-03-04 13:18:20 -07:00
Darren Shepherd
49d0f20e5b
Merge pull request #110 from ibuildthecloud/tokenfile
...
Add --token-file support
2019-03-04 10:13:31 -07:00
Darren Shepherd
ef4e34b289
Remove dead code
2019-03-04 10:10:17 -07:00
Darren Shepherd
8acc17fcf3
Merge branch 'master' into tokenfile
2019-03-04 10:10:01 -07:00
Darren Shepherd
70e6ca4ab8
Support external CRI implementations
2019-03-04 10:08:12 -07:00
Darren Shepherd
3d113ceb2d
Add agent command to server command
2019-03-04 10:08:12 -07:00
Darren Shepherd
964cebb070
Don't return object because double update might revert IP change
2019-03-04 10:08:03 -07:00
Thorsten Schifferdecker
2c398c5d5f
Update server.go
...
fallback to the old --address part and enable the non-tls port to make healthz happy
2019-03-04 10:07:30 -07:00
Thorsten Schifferdecker
35cfc717d3
fix missing ","
2019-03-04 10:07:30 -07:00
Thorsten Schifferdecker
ee2fffb0ca
make the controller-manager and scheduler usable for the
...
componentstatus.
Fixes #126
Signed-off-by: Thorsten Schifferdecker <schifferdecker@b1-systems.de>
2019-03-04 10:07:30 -07:00
Darren Shepherd
91f9472751
Add traefik to no-deploy help text
2019-03-04 10:07:10 -07:00
Darren Shepherd
fdb51c9f53
Cleanup docker cgroup errors in kubelet
2019-03-04 10:06:59 -07:00
Darren Shepherd
e5b7d36c55
Actually pass cluster-cidr on to server
2019-03-04 10:06:37 -07:00
Darren Shepherd
e28e497168
Add --token-file support
2019-03-01 17:07:55 -07:00
Erik Wilson
c73e9187bb
Enable systemd ready notification for k3s server
...
Disables k8s generic api server systemd ready notification and send
our own ready notification after server available and kubeconfig
available.
2019-03-01 10:47:34 -07:00
Sean Duffy
10f1553564
fix 'fannel' typo.
2019-02-28 10:30:45 -07:00
Darren Shepherd
cb5e425457
Set /proc/sys/net/ipv4/ip_forward on agent start
2019-02-23 22:43:59 -07:00
Darren Shepherd
828ce5a24a
Disable watch caching, not needed for sqlite
2019-02-22 19:58:42 -07:00
Darren Shepherd
b07727ae24
Move default config location to /etc/rancher/k3s/k3s.yaml
2019-02-19 09:53:41 -08:00
Darren Shepherd
8690a277ed
Fix ingress
2019-02-14 11:27:26 -07:00
Darren Shepherd
01b3bb315e
Fix version printing on startup
2019-02-07 21:45:31 -07:00
Darren Shepherd
56fae079e5
Update generated code
2019-02-07 21:45:31 -07:00
Darren Shepherd
b6f9045eca
Retry 1000 times on helm failure
2019-02-07 21:45:31 -07:00
Darren Shepherd
91002f1fee
Fix looping on startup while installing addons
2019-02-07 21:45:31 -07:00
Darren Shepherd
5e1ce4aa42
Cache self-signed loopback cert on startup
2019-02-07 21:45:31 -07:00
Darren Shepherd
af96c908da
Disable proxy hostname checks
2019-02-07 21:45:31 -07:00
Darren Shepherd
04c5567346
Validate that memory cgroup exists
2019-02-07 21:45:31 -07:00
Darren Shepherd
8bdd86198c
Fix dest port so it's the same as src port
2019-02-07 21:45:31 -07:00
Darren Shepherd
529aa431d1
Adjust debug logging and write containerd logs to a file
2019-02-07 21:45:31 -07:00
Darren Shepherd
3df9155d02
Monitor endpoint changes to trigger service-lb
2019-02-07 21:45:31 -07:00
Darren Shepherd
793ac4fb89
Add crictl
2019-02-07 21:45:31 -07:00
Darren Shepherd
84756df8a2
Only run two service-lb if there are more than 1 nodes ready
2019-02-04 22:04:33 -07:00
Darren Shepherd
bd269f8d3e
Update generated code
2019-02-04 16:47:53 -07:00
Darren Shepherd
1d666d9515
Add helm controller
2019-02-04 16:47:53 -07:00
Darren Shepherd
e832588662
Add embedded service load balancer
2019-02-04 16:47:53 -07:00
Darren Shepherd
400225e73d
Prepopulate known IPs in TLS
2019-02-04 16:47:53 -07:00
Darren Shepherd
529e22ef80
Disable leader election for now
2019-02-04 16:47:53 -07:00
Darren Shepherd
1826084b24
Add ping handler
2019-02-04 16:47:53 -07:00
Darren Shepherd
1502ad2530
Package serialized version of openapi
2019-01-25 22:09:46 -07:00
Darren Shepherd
93841ffbcb
Support kubectl symlink and avoid data in home dir
2019-01-25 22:09:46 -07:00
Darren Shepherd
3f2a951564
Ensure that br_netfilter module is loaded
2019-01-25 22:09:46 -07:00
Darren Shepherd
84b6c461b9
Fix go vet issue
2019-01-24 10:52:04 -07:00
Darren Shepherd
6fa7f5b3ae
Clean up build scripts
...
Switch binaries to armhf suffix to be more clean on the on
architecture
2019-01-24 10:51:37 -07:00
Darren Shepherd
287e0f44c9
Prepare for initial release
2019-01-22 14:20:29 -07:00
Darren Shepherd
62c62cc7b4
Continued refactoring
2019-01-11 21:52:30 -07:00
Darren Shepherd
9bb7c27c62
Initial Commit
2019-01-01 01:23:01 -07:00